Support User Manuals

ZyXEL Communications max208m Network Router User Manual

Open as PDF

of 290

Chapter 8 Security

WiMAX Device Configuration User’s Guide

141

Remote ID

Type

Select IP to identify the remote IPSec router by its IP address.

Select Domain Name to identify the remote IPSec router by a domain name.

Select E-mail to identify the remote IPSec router by an e-mail address.

Content The configuration of the remote content depends on the remote ID type.

For IP, type the IP address of the computer with which you will make the VPN

connection. If you configure this field to 0.0.0.0 or leave it blank, the WiMAX

Device will use the address in the Remote Endpoint field (refer to the Remote

Endpoint field description).

For Domain Name or E-mail, type a domain name or e-mail address by which

to identify the remote IPSec router. Use up to 31 ASCII characters including

spaces, although trailing spaces are truncated. The domain name or e-mail

address is for identification purposes only and can be any string.

It is recommended that you type an IP address other than 0.0.0.0 or use the

Domain Name or E-mail ID type in the following situations:

• When there is a NAT router between the two IPSec routers.

• When you want the WiMAX Device to distinguish between VPN connection

requests that come in from remote IPSec routers with dynamic WAN IP

addresses.

IKE Phase 1

Proposal

# This field is a sequential value, and it is not associated with a specific proposal.

The sequence of proposals should not affect performance significantly.

Encryption Select which key size and encryption algorithm to use in the IKE SA. Choices

are:

• DES - a 56-bit key with the DES encryption algorithm

• 3DES - a 168-bit key with the DES encryption algorithm

• AES128 - a 128-bit key with the AES encryption algorithm

• AES192 - a 192-bit key with the AES encryption algorithm

• AES256 - a 256-bit key with the AES encryption algorithm

The WiMAX Device and the remote IPSec router must use the same key size and

encryption algorithm. Longer keys require more processing power, resulting in

increased latency and decreased throughput.

Authentication Select which hash algorithm to use to authenticate packet data. Choices are

SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also

slower.

Remove Select an entry and click this to delete it.

Add Click this to create a new entry.

OK Click this to save the changes.

Key Group Select which Diffie-Hellman key group (DHx) you want to use for encryption

keys. Choices are:

• DH1 - use a 768-bit random number

• DH2 - use a 1024-bit random number

• DH5 - use a 1536-bit random number

The longer the key, the more secure the encryption, but also the longer it takes

to encrypt and decrypt information. Both routers must use the same DH key

group.

Table 60 IPSec VPN: Add (continued)

LABEL DESCRIPTION

previous next