Prestige 334W User’s Guide

16.2.2 ESP (Encapsulating Security Payload) Protocol

The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. ESP's authentication properties are limited compared to AH's because the IP header information is not included in the authentication process. However, ESP is sufficient if only the upper layer protocols need to be authenticated.

An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted.

Table 16-1 AH and ESP

| ESP | AH |
| --- | --- |
| DES (default) | MD5 (default) |
| Data Encryption Standard (DES) is a widely used method of data encryption using a secret key. DES applies a 56-bit key to each 64-bit block of data. | MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data. |
| 3DES | SHA1 |
| Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys (3 x 56 = 168 bits), effectively doubling the strength of DES. | SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data. |
| Select DES for minimal security and 3DES for maximum. | Select MD5 for minimal security and SHA-1 for maximum security. |
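The difference in authentication coverage between ESP and AH, and the ESP padding rule, can be checked with the following Python sketch. It is an added example, not taken from the Prestige guide or its firmware. Assumptions: the key, addresses, SPI and sequence values are constructed, encryption is omitted, and the integrity check value is HMAC-SHA1 truncated to 96 bits as in RFC 2404.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real SA key

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    """HMAC-SHA1 truncated to 96 bits (RFC 2404), used by both ESP and AH."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def esp_trailer(payload, block=8, extra_blocks=0, next_header=6):
    """Pad so payload + padding + 2 trailer bytes fills whole cipher blocks
    (8 bytes for DES/3DES); extra_blocks adds length-concealing padding."""
    pad_len = (-(len(payload) + 2)) % block + extra_blocks * block
    return bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])

def esp_icv(ip_hdr, spi, seq, payload):
    """ESP authenticates SPI, sequence number, payload and trailer only.
    ip_hdr is accepted but never hashed. Encryption is omitted here."""
    return icv(struct.pack("!II", spi, seq) + payload + esp_trailer(payload))

def ah_icv(ip_hdr, spi, seq, payload):
    """AH also authenticates the IP header, with mutable fields zeroed."""
    h = bytearray(ip_hdr)
    h[1] = 0              # type of service
    h[6:8] = b"\0\0"      # flags and fragment offset
    h[8] = 0              # TTL
    h[10:12] = b"\0\0"    # header checksum
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + b"\0" * 12  # ICV zeroed
    return icv(bytes(h) + ah + payload)

def icv_changes(hdr_a, hdr_b, payload=b"constructed payload bytes"):
    """Return (esp_changed, ah_changed) for two outer headers, same payload."""
    return (esp_icv(hdr_a, 1, 1, payload) != esp_icv(hdr_b, 1, 1, payload),
            ah_icv(hdr_a, 1, 1, payload) != ah_icv(hdr_b, 1, 1, payload))

if __name__ == "__main__":
    base = ipv4_header("192.0.2.10", "198.51.100.1", 50, 25)
    new_src = ipv4_header("203.0.113.7", "198.51.100.1", 50, 25)
    new_ttl = ipv4_header("192.0.2.10", "198.51.100.1", 50, 25, ttl=3)
    print("source address changed:", icv_changes(base, new_src))
    print("TTL changed:           ", icv_changes(base, new_ttl))
```

A changed source address leaves the ESP value intact but invalidates the AH value, while a changed TTL affects neither because AH zeroes mutable header fields before hashing.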

16.3 My IP Address

My IP Address is the WAN IP address of the Prestige. If this field is configured as 0.0.0.0, then the Prestige will use the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel. The Prestige has to rebuild the VPN tunnel if the My IP Address changes after setup.

16.4 Secure Gateway Address

Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway).
