User's Manual

ManualsBrandsSMC Networks ManualsComputers & AccessoriesDOCSIS 3.0 Wireless Cable Modem Gateway

151

152

153

154

155

156

157

158

159

160

錯誤! 尚未定義樣式。

159

SMCD3GN2 Wireless Cable Modem Gateway Administrator Manual

Option Description

IPSec

IPSec Operation Lets you select the IPSec operation. Both ends of the tunnel must use the same setting; otherwise,

the VPN tunnel cannot be established. Choices are:

• ESP = Encapsulation Security Payload (ESP) protocol. ESP ensures both data authentication and

confidentiality for IP data. ESP is able to guarantee both these services by creating a new IP

packet within an ESP header and trailer. (default)

• AH = Authentication Header (AH) protocol. AH ensures data integrity and replay protection for IP

data. AH is able to guarantee data integrity by using a hash algorithm (such as MD5) and a secret

shared key to produce a Hashed Message Authentication Code (HMAC).

ESP Transform Authentication algorithm used to encrypt packet data. Choices are

• DES = faster than 3DES, but less secure. (default)

• 3DES = most secure method than DES, but with lower throughput.

• BLOWFISH = a block cipher with 8-byte blocks and 128-bit keys that provides strong encryption

and is faster than DES.

• NONE = no authentication used.

• AES = more secure than either DES or 3DES. The higher the bit rate, the stronger the encryption

but the trade-off is lower throughput.

• TWOFISH = a block cipher with 16-byte blocks and 256-bit keys that is stronger and faster than

Blowfish encryption.

Both ends of the tunnel must use the same setting; otherwise, the VPN tunnel cannot be established.

This field is gray and unavailable if AH is selected for IPSec operation.

ESP AUTH Authentication method used when ESP is selected for IPSec Operation. Both ends of the tunnel must

use the same setting; otherwise, the VPN tunnel cannot be established. Choices are:

• MD5 = a one-way hashing algorithm that produces a 128-bit digest. (default)

• SHA = a one-way hashing algorithm that produces a 160-bit digest. SHA is more secure than

MD5.

• SHA2_256 = a two-way hashing algorithm that produces a 256-bit digest. SHA2_256 is more

secure than SHA.

This field is gray and unavailable if AH is selected for IPSec operation.

AH Authentication method used when AH is selected for IPSec Operation. Both ends of the tunnel must

use the same setting; otherwise, the VPN tunnel cannot be established. Choices are:

• MD5 = a one-way hashing algorithm that produces a 128-bit digest. (default)

• SHA = a one-way hashing algorithm that produces a 160-bit digest. SHA is more secure than

MD5.

• SHA2_256 = a two-way hashing algorithm that produces a 256-bit digest. SHA2_256 is more

secure than SHA.

This field is gray and unavailable if ESP is selected for IPSec operation.

Tunnel Type Type of VPN tunnel to be established. Both ends of the tunnel must use the same setting; otherwise,

the VPN tunnel cannot be established. Choices are:

• Public = public tunnel. (default)

• Private = private tunnel.

IP Sec Life Duration Number of seconds for the IPSec lifetime. The period of time to pass before establishing a new IPSec

security association (SA) with the remote endpoint.

Tunnel Remote Host Configurations