Esp (encapsulating security payload) protocol, My ip address, Secure gateway address – ZyXEL Communications P-334W User Manual

Prestige 334W User’s Guide

16-2

VPN

Screens

16.2.2 ESP (Encapsulating Security Payload) Protocol

The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. ESP
authenticating properties are limited compared to the AH due to the non-inclusion of the IP header
information during the authentication process. However, ESP is sufficient if only the upper layer protocols
need to be authenticated.

An added feature of the ESP is payload padding, which further protects communications by concealing the
size of the packet being transmitted.

Table 16-1 AH and ESP

ESP AH

DES (default)
Data Encryption Standard (DES) is a widely used method
of data encryption using a secret key. DES applies a 56-bit
key to each 64-bit block of data.

MD5 (default)
MD5 (Message Digest 5) produces a 128-bit
digest to authenticate packet data.

3DES
Triple DES (3DES) is a variant of DES, which iterates
three times with three separate keys (3 x 56 = 168 bits),
effectively doubling the strength of DES.

SHA1
SHA1 (Secure Hash Algorithm) produces a
160-bit digest to authenticate packet data.

Select DES for minimal security and 3DES for maximum. Select MD5 for minimal security and SHA-1 for

maximum security.

16.3 My IP Address

My IP Address is the WAN IP address of the Prestige. If this field is configured as 0.0.0.0, then the
Prestige will use the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel. The
Prestige has to rebuild the VPN tunnel if the My IP Address changes after setup.

16.4 Secure Gateway Address

Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure
gateway).