Chapter 22 IPSec VPN
SBG3500-N Series User’s Guide
281
SPI (HEX) Type a hexadecimal value (between 256 and 4095) for the Security Parameter Index
(SPI). Make sure the remote VPN endpoint has the same value in its SPI field.
Tunnel Mode Choose from the following tunnel modes in the drop-down list.
• Encasulated Security Payload (ESP) - provides encrytption and the same services
offered by AH, but its authentication is weaker. If you select ESP, you must select an
Encryption algorithm and Authentication algorithm.
• Authenticating Header (AH) - provides integrity, authentication, sequence integrity
(replay resistance), and non-repudiation but not encryption. If you select AH, you
must select an Authentication algorith. specifies the authentication protocol for the
VPN header. Note the AH settings must match the remote VPN endpoint.
Encapsulation Choose the encapsulation method for the VPN from the drop-down list.
• Tunnel - encrypts the IP header information and the data.
• Transport - encrypts the data.
The SBG3500-N Series and remote IPSec router must use the same encapsulation.
Encryption Choose the encryption algorithm for the ESP mode from the drop-down list.
DES - a 56-bit key with the DES encryption algorithm, the default
3DES - a 168-bit key with the DES encryption algorithm, more secure
AES128 - a 128-bit key with the AES encryption algorithm
AES192 - a 192-bit key with the AES encryption algorithm
AES256 - a 256-bit key with the AES encryption algorithm
The SBG3500-N Series and the remote IPSec router must use the same algorithms and
keys. Longer keys require more processing power, resulting in increased latency and
decreased throughput.
Encryption Key
(CHAR)
Type the encryption key (any alphanumeric characters or
,;|’~!@#$%^&*()_+\{}”:<>/=) in the field per following rule.
DES - 8-31 characters
3DES - 24-31 characters
AES128 - 16-32 characters
AES192 - 24-31 characters
AES256 - 31 characters
You can also use hexadecimal by typing “0x” in the beginning of the key.
The remote IPSec router must have the same encryption key.
Authentication Choose the authentication algorithm from the drop-down list.
• MD5 - default
• SHA1 - more secure
Authentication
Key
Tye the encryption key (any alphanumeric characters or ,;|’~!@#$%^&*()_+\{}”:<>/
=) in the field per following rule.
MD5 - 16-20 characters
SHA1 - 20 characters
You can also use hexadecimal by typing “0x” in the beginning of the key.
The remote IPSec router must have the same encryption key.
Table 103 VPN > IPSec VPN > Setup > Edit (continued)
LABEL DESCRIPTION
To Next Page
Loading...
