Chapter 12 IPSec VPN
Table 75 Security > IPSec VPN > IPSec Setting > Manual (continued)
LABEL | DESCRIPTION |
IP Subnetmask | When the remote IP address type is configured to Single Address, this field is not available. When the remote IP address type is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router. |
Protocol | This field displays ESP and the (Encapsulation Security Payload) for VPN. The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. |
Key Exchange Method | Select Auto(IKE) or Manual from the provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using Auto(IKE) key management. |
Encryption Algorithm | Select DES, 3DES, list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a Triple DES (3DES) is a variation on DES that uses a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of Chaining (CBC) mode uses a Select ESP_NULL to set up a tunnel without encryption. When you select ESP_NULL, you do not enter an encryption key. |
Encryption Key | Type 16 hexadecimal DES encryption algorithm or 48 hexadecimal characters if you use the 3DES encryption algorithm. |
Authentication Algorithm | Select SHA1 or MD5 from the Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and |
Authentication Key | Type 32 hexadecimal MD5 authentication algorithm or 40 hexadecimal characters if you use the SHA1 authentication algorithm. |
SPI | Type a number (base 10) from 1 to 999999 for the Security Parameter Index. |
NAT Traversal | Select Enable if you want to set up a VPN tunnel when there are NAT routers between the remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Otherwise, select Disable. |
Advanced IKE Settings | Click Show Advanced Settings to display and configure more detailed settings of your IKE key management. Otherwise, click Hide Advanced Settings. |
Enable Manual ID Type | Select this option to specify how to identify the remote IPSec router. |
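
The key lengths and SPI range given in the table can be checked before the values are entered on both IPSec routers. The following is an added example, not part of the original manual or the device's software; the function names and the sample keys are constructed for illustration.

```python
import string

# Key lengths in hexadecimal characters, taken from the table above.
ENC_KEY_HEX = {"DES": 16, "3DES": 48, "ESP_NULL": 0}
AUTH_KEY_HEX = {"MD5": 32, "SHA1": 40}
SPI_MIN, SPI_MAX = 1, 999999  # base-10 SPI range from the table


def check_key(field, key, expected_len):
    """Return the problems found in one hexadecimal key field."""
    if expected_len == 0:  # ESP_NULL: no encryption key is entered
        return [f"{field}: must be empty with ESP_NULL"] if key else []
    problems = []
    if len(key) != expected_len:
        problems.append(f"{field}: need {expected_len} hex characters, got {len(key)}")
    if any(c not in string.hexdigits for c in key):
        problems.append(f"{field}: contains non-hexadecimal characters")
    return problems


def validate_manual_sa(enc_alg, enc_key, auth_alg, auth_key, spi):
    """Check one end's manual-key settings; returns (errors, warnings)."""
    errors, warnings = [], []
    if enc_alg in ENC_KEY_HEX:
        errors += check_key("Encryption Key", enc_key, ENC_KEY_HEX[enc_alg])
    else:
        errors.append(f"Encryption Algorithm: unknown value {enc_alg!r}")
    if auth_alg in AUTH_KEY_HEX:
        errors += check_key("Authentication Key", auth_key, AUTH_KEY_HEX[auth_alg])
    else:
        errors.append(f"Authentication Algorithm: unknown value {auth_alg!r}")
    if not (isinstance(spi, int) and SPI_MIN <= spi <= SPI_MAX):
        errors.append(f"SPI: must be an integer from {SPI_MIN} to {SPI_MAX}")
    # Warnings repeat the table's own strength guidance.
    if enc_alg == "ESP_NULL":
        warnings.append("ESP_NULL: tunnel is set up without encryption")
    elif enc_alg == "DES":
        warnings.append("DES: 3DES is more secure")
    if auth_alg == "MD5":
        warnings.append("MD5: SHA1 is generally considered stronger")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    good = ("3DES", "0123456789abcdef" * 3, "SHA1", "a1b2c3d4e5" * 4, 1001)
    bad = ("DES", "0123456789abcdef" * 3, "MD5", "xyz", 0)
    for settings in (good, bad):
        print(validate_manual_sa(*settings))
```

Because both devices must use the same secret keys, run the same check on the values intended for each end and compare them before saving.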