User's guide
Chapter 20 IPSec VPN
SBG3500-N000 User’s Guide
Tunnel Mode Choose from the following tunnel modes in the drop-down list.
• Encapsulated Security Payload (ESP) - provides encryption and the same services
offered by AH, but its authentication is weaker. If you select ESP, you must select an
Encryption algorithm and Authentication algorithm.
• Authenticating Header (AH) - provides integrity, authentication, sequence integrity
(replay resistance), and non-repudiation but not encryption. If you select AH, you
must select an Authentication algorithm, which specifies the authentication protocol for the
VPN header. Note that the AH settings must match the remote VPN endpoint.
Encapsulation Choose the encapsulation method for the VPN from the drop-down list.
• Tunnel - encrypts the IP header information and the data.
• Transport - encrypts the data.
The SBG3500-N and remote IPSec router must use the same encapsulation.
Encryption Choose the encryption algorithm for the ESP mode from the drop-down list.
DES - a 56-bit key with the DES encryption algorithm, the default
3DES - a 168-bit key with the DES encryption algorithm, more secure
AES128 - a 128-bit key with the AES encryption algorithm
AES192 - a 192-bit key with the AES encryption algorithm
AES256 - a 256-bit key with the AES encryption algorithm
The SBG3500-N and the remote IPSec router must use the same algorithms and keys.
Longer keys require more processing power, resulting in increased latency and
decreased throughput.
Encryption Key (CHAR) Type the encryption key (any alphanumeric characters or
,;|’~!@#$%^&*()_+\{}”:<>/=) in the field according to the following rules.
DES - 8-31 characters
3DES - 24-31 characters
AES128 - 16-32 characters
AES192 - 24-31 characters
AES256 - 31 characters
You can also use hexadecimal by typing “0x” at the beginning of the key.
The remote IPSec router must have the same encryption key.
Authentication Choose the authentication algorithm from the drop-down list.
• MD5 - default
• SHA1 - more secure
Authentication Key Type the authentication key (any alphanumeric characters or
,;|’~!@#$%^&*()_+\{}”:<>/=) in the field according to the following rules.
MD5 - 16-20 characters
SHA1 - 20 characters
You can also use hexadecimal by typing “0x” at the beginning of the key.
The remote IPSec router must have the same authentication key.
Table 89 VPN > IPSec VPN > Setup > Edit (continued)
LABEL DESCRIPTION
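The following Python check is an added example, not part of the SBG3500-N guide or firmware. It applies the key-length rules and the must-match requirement from the table above to two endpoint configurations before they are typed into the routers. The dictionary field names, the reading of the curly quotes as ASCII quotes, and the handling of "0x" keys (digits validated, length not checked) are assumptions.

```python
import secrets
import string

# Character-count rules copied from the Encryption Key and Authentication Key rows.
KEY_LENGTHS = {"DES": (8, 31), "3DES": (24, 31), "AES128": (16, 32),
               "AES192": (24, 31), "AES256": (31, 31),
               "MD5": (16, 20), "SHA1": (20, 20)}
# Assumption: the curly quotes in the printed symbol list stand for ASCII ' and ".
ALLOWED = set(string.ascii_letters + string.digits + ",;|'~!@#$%^&*()_+\\{}\":<>/=")
# Settings the table says must be identical on both IPSec routers (names hypothetical).
MUST_MATCH = ("tunnel_mode", "encapsulation", "encryption", "encryption_key",
              "authentication", "authentication_key")

def check_key(algorithm, key):
    """Return a list of problems with a manual key for the given algorithm."""
    if key.startswith("0x"):
        # The table states its length rule in characters only, so a hexadecimal
        # key is checked for well-formed digits and nothing else (assumption).
        digits = key[2:]
        ok = bool(digits) and all(c in string.hexdigits for c in digits)
        return [] if ok else [f"{algorithm}: malformed hexadecimal key"]
    low, high = KEY_LENGTHS[algorithm]
    problems = []
    if not low <= len(key) <= high:
        problems.append(f"{algorithm}: key has {len(key)} characters, needs {low}-{high}")
    if not set(key) <= ALLOWED:
        problems.append(f"{algorithm}: key contains characters outside the listed set")
    return problems

def new_key(algorithm):
    """Generate a random alphanumeric key of the longest permitted length."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(KEY_LENGTHS[algorithm][1]))

def compare_endpoints(local, remote):
    """Return mismatched fields and key problems for two endpoint configurations."""
    problems = [f"mismatch: {f}" for f in MUST_MATCH if local.get(f) != remote.get(f)]
    for alg_field, key_field in (("encryption", "encryption_key"),
                                 ("authentication", "authentication_key")):
        if local.get(key_field) is not None:  # AH mode has no encryption key
            problems += check_key(local[alg_field], local[key_field])
    return problems

# Constructed sample: short AES128 key locally, remote left on Transport.
LOCAL = {"tunnel_mode": "ESP", "encapsulation": "Tunnel",
         "encryption": "AES128", "encryption_key": "tooShort123",
         "authentication": "SHA1", "authentication_key": "A1b2C3d4E5f6G7h8I9j0"}
REMOTE = dict(LOCAL, encapsulation="Transport")
```
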