EasyManua.ls Logo

Zoom 5350 - Page 93

Zoom 5350
108 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Phase 2 Encryption
Select the key size and encryption algorithm to use for data
communications.
Null: No data encryption in IPSec SA. Not recommended.
DES: a 56-bit key with the DES encryption algorithm
3DES: a 168-bit key with the DES encryption algorithm. Both the cable
modem/router and the remote IPSec router must use the same
algorithms and key , which can be used to encrypt and decrypt the
message or to generate and verify a message authentication code. Longer
keys require more processing power, resulting in increased latency and
decreased throughput.
AES: Advanced Encryption Standard is a newer method of data
encryption that also uses a secret key. This implementation of AES
applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES.
Here you have the choice of AES-128, AES-192 and AES-256.
Phase 2 Authentication
Select the hash algorithm used to authenticate packet data in the IKE SA.
SHA1 is generally considered stronger than MD5, but it is also slower.
Phase 2 SA Lifetime
In this field define the length of time before an IPSec SA automatically
renegotiates. This value may range from 120 to 86400 seconds.
Key Management
Select to use IKE (ISAKMP) or manual key configuration in order to set
up a VPN.
IKE Negotiation Mode
Select how Security Association (SA) will be established for each
connection through IKE negotiations.
Main Mode: ensures the highest level of security when the
communicating parties are negotiating authentication (phase 1).
Aggressive Mode: quicker than Main Mode because it eliminates several
steps when the communicating parties are negotiating authentication
(phase 1).
Perfect Forward
Secrecy (PFS)
Perfect Forward Secret (PFS) is disabled by default in phase 2 IPSec SA
setup. This allows faster IPSec setup, but is not as secure. You can select
DH1, DH2 or DH5 to enable PFS.
Phase 2 DH Group Select DHx after enabling PFS.
Replay Detection
Select Enable to enable replay detection. As VPN setup is processing
intensive, the system is vulnerable to Denial of Service (DOS) attacks.
The IPSec receiver can detect and reject old or duplicate packets to
protect against replay attacks.
93

Table of Contents

Other manuals for Zoom 5350

Preview: Quick Start Guide
Quick Start Guide2 pages

Related product manuals