beautypg.com

11 ike phases – ZyXEL Communications P-335WT User Manual

Page 226

background image

P-335 Series User’s Guide

226

Chapter 17 VPN Screens

17.11 IKE Phases

There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1
(Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and
the second one uses that SA to negotiate SAs for IPSec.

Pre-Shared Key

Type your pre-shared key in this field. A pre-shared key identifies a

communicating party during a phase 1 IKE negotiation. It is called "pre-shared"

because you have to share it with another party before you can communicate

with them over a secure connection.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal

("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x” (zero

x), which is not counted as part of the 16 to 62 character range for the key. For

example, in "0x0123456789ABCDEF", “0x” denotes that the key is hexadecimal

and “0123456789ABCDEF” is the key itself.
Both ends of the VPN tunnel must use the same pre-shared key. You will receive

a “PYLD_MALFORMED” (payload malformed) packet if the same pre-shared key

is not used on both ends

Encryption

Algorithm

Select DES or 3DES from the drop-down list box. The Prestige’s encryption

algorithm should be identical to the secure remote gateway. When DES is used

for data communications, both sender and receiver must know the same secret

key, which can be used to encrypt and decrypt the message. The DES

encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES

that uses a 168-bit key. As a result, 3DES is more secure than DES. It also

requires more processing power, resulting in increased latency and decreased

throughput.

Authentication

Algorithm

Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and

SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet

data. The SHA1 algorithm is generally considered stronger than MD5, but is

slower. Select MD5 for minimal security and SHA-1 for maximum security.

Advanced

Click Advanced to configure more detailed settings of your IKE key

management.

Apply

Click Apply to save your changes back to the Prestige.

Reset

Click Reset to begin configuring this screen afresh.

Table 73 VPN: Rule Setup (Basic)

LABEL

DESCRIPTION

See also other documents in the category ZyXEL Communications Hardware: