R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
44
Item Descri
p
tion
Encapsulation
Mode
Select the IP packet encapsulation mode for the IPsec proposal. Options include:
• Tunnel—Uses the tunnel mode.
• Transport—Uses the transport mode.
Security Protocol
Select the security protocol for the proposal. Options include:
• AH—Uses the AH protocol.
• ESP—Uses the ESP protocol.
• AH-ESP—Uses ESP first and then AH.
AH Authentication
Algorithm
Select the authentication algorithm for AH.
This item is available when the security protocol is AH or AH-ESP.
Available authentication algorithms include MD5 and SHA1.
ESP Authentication
Algorithm
Select the authentication algorithm for ESP.
This item is available when the security protocol is ESP or AH-ESP.
You can select MD5 or SHA1, or leave it null so the ESP performs no authentication.
IMPORTANT:
The ESP authentication algorithm and ESP encryption algorithm cannot be both null.
ESP Encryption
Algorithm
Select the encryption algorithm for ESP.
This item is available when the security protocol is ESP or AH-ESP.
Options include:
• DES—Uses the DES algorithm and 56-bit keys for encryption.
• 3DES—Uses the 3DES algorithm and 168-bit keys for encryption.
• AES128—Uses the AES algorithm and 128-bit keys for encryption.
• AES192—Uses the AES algorithm and 192-bit keys for encryption.
• AES256—Uses the AES algorithm and 256-bit keys for encryption.
• Leave it null so the ESP performs no encryption.
IMPORTANT:
• Higher security means more complex implementation and lower speed. DES is
enough to meet general requirements. Use 3DES when there are very high
confidentiality and security requirements.
• The ESP authentication algorithm and ESP encryption algorithm cannot be both null.
Return to IPsec configuration task list.
Configuring an IPsec policy template
Select VPN > IPSec > Policy-Template from the navigation tree to display existing IPsec policy templates,
as shown in Figure 29. T
hen, click Add to add an IPsec policy template, as shown in Figure 30.