ZyXEL Communications 794M Network Card User Manual


 
Prestige 794M User’s Guide
Chapter 7 VPN 86
Single Address Select Single Address to allow one VPN client with the specified IP address to
use the VPN connection.
Enter a single IP address in the IP Address field.
Subnet Select Subnet Address to allow more than one computer in the specified
subnet to use the VPN connection.
Enter the IP address and subnet mask in the IP Address and Netmask fields
respectively.
IP Range Select IP Range to allow more than one computer in the specified IP address
range to use the VPN connection.
Enter the starting and ending IP addresses in the IP Address and End IP fields
respectively.
Proposal
ESP Select ESP to provide basic authentication and data encryption for the VPN
connection.
Authentication Specify the method to authenticate data packets in this field. Choices are None,
MD5 and SHA1.
Select None to disable authentication.
Select MD5 (Message Digest 5) for minimal security and SHA1 (Secure Hash
Algorithm) for maximum security.
Encryption Specify the method to encrypt data packets in this field. Choices are NULL, DES,
3DES, AES 128, AES 192 and AES 256.
When DES is used for data communications, both sender and receiver must
know the same secret key, which can be used to encrypt and decrypt the
message or to generate and verify a message authentication code. The DES
encryption algorithm uses a 56-bit key.
Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result,
3DES is more secure than DES. It also requires more processing power,
resulting in increased latency and decreased throughput.
For this implementation, select AES 128, AES 192 or AES 256, which use
different encryption key lengths. AES is faster than 3DES.
Select NULL to set up a tunnel without encryption. When you select NULL, you
do not enter an encryption key.
AH Select AH to authenticate and ensure the integrity of data packets.
Authentication Specify the method to authenticate data packets in this field. Choices are MD5
and SHA1.
Select MD5 (Message Digest 5) for minimal security and SHA1 (Secure Hash
Algorithm) for maximum security.
Perfect Forward Secret
Perfect Forward Secret (PFS) is disabled (None) by default in phase 2 IPSec
SA setup. This allows faster IPSec setup, but is less secure.
Specify a MODP (Modular Exponentiation Groups) mode from the drop-down
list box. Choices are MODP 768-bit (Group 1), MODP 1024-bit (Group 2) and
MODP 1536-bit (Group 5). The more bits in the random number, the higher the
security, but the slower the IPSec setup.
Table 44 VPN Rules (IKE): Add Policy (continued)
LABEL DESCRIPTION
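
An added example, not part of the ZyXEL guide or the device firmware: a Python check that audits a phase 2 proposal against the choices this table lists, with a weak proposal beside a corrected one. The dictionary keys and finding texts are hypothetical; only the choice lists and their ranking come from the table.

```python
# Added example; dictionary keys and finding texts are hypothetical.
# The choice lists and their ranking are the ones given in Table 44.
AUTH = {"ESP": ("NONE", "MD5", "SHA1"), "AH": ("MD5", "SHA1")}
ENC_KEY_BITS = {"NULL": 0, "DES": 56, "3DES": 168,
                "AES128": 128, "AES192": 192, "AES256": 256}
PFS_BITS = {"NONE": 0, "GROUP1": 768, "GROUP2": 1024, "GROUP5": 1536}

def _norm(value):
    """Compare choices case- and space-insensitively ('AES 128' == 'AES128')."""
    return str(value).replace(" ", "").upper()

def audit_proposal(proposal):
    """Return findings for one proposal; an empty list means none were raised."""
    proto = _norm(proposal["protocol"])
    if proto not in AUTH:
        raise ValueError(f"unknown protocol: {proposal['protocol']!r}")
    auth = _norm(proposal["authentication"])
    if auth not in AUTH[proto]:  # AH offers no "None" choice
        raise ValueError(f"{auth} is not an authentication choice for {proto}")
    findings = []
    if auth == "NONE":
        findings.append("authentication disabled")
    elif auth == "MD5":
        findings.append("MD5 is the minimal-security choice; SHA1 is offered")
    if proto == "ESP":
        enc = _norm(proposal["encryption"])
        if enc not in ENC_KEY_BITS:
            raise ValueError(f"unknown encryption choice: {enc}")
        if enc == "NULL":
            findings.append("NULL encryption: tunnel is not encrypted")
        elif enc == "DES":
            findings.append(f"DES uses a {ENC_KEY_BITS[enc]}-bit key; 3DES and AES are offered")
    elif "encryption" in proposal:
        raise ValueError("AH has no encryption setting")
    pfs = _norm(proposal.get("pfs", "None"))  # None is the documented default
    if pfs not in PFS_BITS:
        raise ValueError(f"unknown PFS choice: {pfs}")
    if pfs == "NONE":
        findings.append("PFS disabled: faster setup, less secure")
    elif PFS_BITS[pfs] < max(PFS_BITS.values()):
        findings.append(f"MODP {PFS_BITS[pfs]}-bit; Group 5 (1536-bit) is offered")
    return findings

# Constructed sample proposals: a weak one beside a corrected one.
WEAK = {"protocol": "ESP", "authentication": "None", "encryption": "DES", "pfs": "None"}
HARDENED = {"protocol": "ESP", "authentication": "SHA1", "encryption": "AES 256", "pfs": "Group 5"}

if __name__ == "__main__":
    print(audit_proposal(WEAK), audit_proposal(HARDENED))
```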