beautypg.com

3 the sa monitor screen, Figure 109 security > vpn > sa monitor – ZyXEL Communications NBG420N User Manual

Page 183

background image

Chapter 15 IPSec VPN

NBG420N User’s Guide

183

15.3 The SA Monitor Screen

In the web configurator, click

Security

> VPN > SA Monitor. Use this screen to display and

manage active VPN connections.
A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
This screen displays active VPN connections. Use Refresh to display active VPN connections.

Figure 109 Security > VPN > SA Monitor

Enable Replay

Detection

As a VPN setup is processing intensive, the system is vulnerable to Denial of

Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate

packets to protect against replay attacks. Select Yes from the drop-down menu to

enable replay detection, or select No to disable it.

IPSec Protocol

Select the security protocols used for an SA.
Both AH and ESP increase processing requirements and communications latency

(delay).
If you select ESP here, you must select options from the Encryption Algorithm

and Authentication Algorithm fields (described below).

Encryption

Algorithm

Select which key size and encryption algorithm to use in the IKE SA. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG420N and the remote IPSec router must use the same algorithms and

keys. Longer keys require more processing power, resulting in increased latency

and decreased throughput.

Encryption Key

This field is applicable when you select ESP in the IPSec Protocol field above.
With DES, type a unique key 8 characters long. With 3DES, type a unique key 24

characters long. Any characters may be used, including spaces, but trailing

spaces are truncated.

Authentication

Algorithm

Select which hash algorithm to use to authenticate packet data in the IPSec SA.

Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5,

but it is also slower.

Authentication

Key

Type a unique authentication key to be used by IPSec if applicable. Enter 16

characters for MD5 authentication or 20 characters for SHA-1 authentication. Any

characters may be used, including spaces, but trailing spaces are truncated.

Apply

Click Apply to save your changes back to the NBG420N.

Reset

Click Reset to begin configuring this screen afresh.

Cancel

Click Cancel to exit the screen without making any changes.

Table 65 Security > VPN > Rule Setup: Manual (continued)

LABEL

DESCRIPTION

See also other documents in the category ZyXEL Communications Hardware: