Chapter 21 IPSec

Table 88 IPSec Settings > Add/Edit: Manual

| LABEL | DESCRIPTION |
|---|---|
| Encryption Algorithm | Select DES, 3DES, AES (aes-cbc) or ESP_NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES (aes-cbc) in Cipher Block Chaining (CBC) mode uses a 128-bit key. AES is faster than 3DES. Select ESP_NULL to set up a tunnel without encryption. When you select ESP_NULL, you do not enter an encryption key. |
| Encryption Key | Type 16 hexadecimal ("0-9", "A-F") characters if you select to use the DES encryption algorithm or 48 hexadecimal characters if you use the 3DES encryption algorithm. |
| Authentication Algorithm | Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA1 for maximum security. |
| Authentication Key | Type 32 hexadecimal ("0-9", "A-F") characters if you select to use the MD5 authentication algorithm or 40 hexadecimal characters if you use the SHA1 authentication algorithm. |
| SPI | Type a hexadecimal number from 111 to FFFFFFFF for the Security Parameter Index. |
| Apply | Click Apply/Save to save your changes and return to the IPSec screen. |
| Cancel | Click Cancel to exit this screen without saving. |
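The following check for the manual-key fields in Table 88 is an added example, not part of the User's Guide or the device firmware. The dictionary field names and the AES count of 32 hexadecimal characters (derived from the stated 128-bit key) are assumptions; the other lengths and the SPI range come from the table.

```python
# Hex-character counts per algorithm. DES, 3DES, MD5 and SHA1 are taken from
# the table; the AES count is an assumption derived from its 128-bit key.
ENC_KEY_HEX = {"DES": 16, "3DES": 48, "AES": 32, "ESP_NULL": 0}
AUTH_KEY_HEX = {"MD5": 32, "SHA1": 40}
SPI_MIN, SPI_MAX = 0x111, 0xFFFFFFFF
HEX = set("0123456789abcdefABCDEF")

def _is_hex(s):
    return bool(s) and set(s) <= HEX

def _check_key(field, key, want):
    if want == 0:
        return [f"{field}: leave empty with ESP_NULL"] if key else []
    if len(key) != want or not _is_hex(key):
        return [f"{field}: need exactly {want} hex characters (0-9, A-F)"]
    return []

def validate_sa(sa):
    """List the problems in one manual-key entry (dict layout is hypothetical)."""
    errs = []
    for alg_f, key_f, table in (("enc_alg", "enc_key", ENC_KEY_HEX),
                                ("auth_alg", "auth_key", AUTH_KEY_HEX)):
        alg = sa.get(alg_f)
        if alg not in table:
            errs.append(f"{alg_f}: unsupported value {alg!r}")
        else:
            errs += _check_key(key_f, sa.get(key_f, ""), table[alg])
    spi = sa.get("spi", "")
    if not _is_hex(spi) or not SPI_MIN <= int(spi, 16) <= SPI_MAX:
        errs.append("spi: need a hex number from 111 to FFFFFFFF")
    return errs

def effective_enc_bits(alg):
    """Key bits left after DES/3DES parity (1 bit per key byte) is removed."""
    nbytes = ENC_KEY_HEX[alg] // 2
    return nbytes * (7 if alg in ("DES", "3DES") else 8)

def peers_match(local, remote):
    """Both ends need the same algorithms and secret keys (hex case ignored)."""
    same_alg = all(local.get(f) == remote.get(f) for f in ("enc_alg", "auth_alg"))
    same_key = all(local.get(f, "").lower() == remote.get(f, "").lower()
                   for f in ("enc_key", "auth_key"))
    return same_alg and same_key

# Constructed sample entry; the key values are placeholders, not real secrets.
SAMPLE = {"enc_alg": "3DES", "enc_key": "0123456789ABCDEF" * 3,
          "auth_alg": "SHA1", "auth_key": "A1" * 20, "spi": "1000"}
```

effective_enc_bits shows why a 16-character DES key is described as 56-bit and a 48-character 3DES key as 168-bit: one bit in each key byte is a parity bit.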

 

 

21.4 Technical Reference

This section provides some technical background information about the topics covered in this chapter.


VSG1432-B101 Series User’s Guide