
PLANET CS-1000 User Manual


Multi-Homing Security Gateway User’s Manual

WAN interface:

Select WAN 1 or WAN 2 to be the WAN port of VPN connection.

To Destination:

• Remote Gateway – Fixed IP or Domain Name: Specify the fixed IP address or domain name of the remote side VPN gateway.

• Remote Gateway or Client – Dynamic IP: Select Remote Gateway or Client if there is only one user or device at the remote site and it dials up to the Internet with PPPoE or cable modem.

Preshared Key:

The IKE VPN must be defined with a Preshared Key.

Encapsulation

ISAKMP Algorithm

• ENC Algorithm: ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both Encryption and Authentication. The available encryption algorithms are 56-bit DES-CBC, 168-bit 3DES-CBC, AES 128-bit, AES 192-bit and AES 256-bit. The default algorithm is 56-bit DES-CBC.

• AUTH Method: Authentication Method. Selects the MD5 (128-bit hash) or SHA-1 (160-bit hash) authentication algorithm. In general, SHA-1 is more secure than MD5. The default algorithm is MD5.

• Group: Selects Group 1 (768-bit modulus), Group 2 (1024-bit modulus) or Group 5 (1536-bit modulus). The larger the modulus, the more secure the generated key is. However, the larger the modulus, the longer the key generation process takes. Both sides of the VPN tunnel must agree to use the same group. The default is Group 1.

IPSec Algorithm:

Select Data Encryption + Authentication or Authentication Only.

Data Encryption + Authentication

• Encryption Algorithm: Selects the 56-bit DES-CBC, 168-bit 3DES-CBC, AES 128-bit, AES 192-bit or AES 256-bit encryption algorithm. The default algorithm is 56-bit DES-CBC.

• Authentication Algorithm: Selects the MD5 (128-bit hash) or SHA-1 (160-bit hash) authentication algorithm. In general, SHA-1 is more secure than MD5. The default algorithm is MD5.

Authentication Only:

When this function is selected, the IPSec Algorithm will only be authenticated with the preshared key.

Step 3:

Configure the Optional Item parameters if necessary.

• Perfect Forward Secrecy: Select Group 1, Group 2 or Group 5 to enhance security by changing the IPsec key at regular intervals and ensuring that each key has no relationship to the previous key. The default is NO-PFS.

• ISAKMP Lifetime: New keys will be generated whenever the lifetime of the old keys is exceeded. The Administrator may enable this feature if needed and enter the lifetime in seconds to re-key. The default is 3600 seconds (one hour). Selecting small values could lead to frequent re-keying, which could affect performance.
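The following is an added example, not part of the PLANET manual: a small audit of one tunnel definition against the option lists and defaults given on this page, reporting fields left at the weakest default and fields that differ from the remote peer. The field keys and the dict layout are assumptions, because the gateway is configured through its web interface.

```python
# Added example: option names follow this manual page; the dict layout and
# field keys are assumptions, since the gateway is configured via its web UI.
# Each list is ordered weakest to strongest among the choices the page lists.
ENC = ["DES", "3DES", "AES-128", "AES-192", "AES-256"]
AUTH = ["MD5", "SHA-1"]
GROUP = ["Group 1", "Group 2", "Group 5"]
FIELDS = {
    "isakmp_enc": ENC, "isakmp_auth": AUTH, "isakmp_group": GROUP,
    "ipsec_enc": ENC, "ipsec_auth": AUTH,
    "pfs": ["NO-PFS"] + GROUP,
}
# Per the manual, every default is the weakest choice in its list.
DEFAULTS = {field: options[0] for field, options in FIELDS.items()}


def audit(local, remote=None):
    """Return sorted (field, issue) findings for one IKE tunnel definition.

    Unset fields fall back to the manual's defaults. If the remote peer's
    settings are supplied, fields that differ are reported, since both ends
    must negotiate the same proposal.
    """
    findings = []
    for field, options in FIELDS.items():
        value = local.get(field, DEFAULTS[field])
        if value not in options:
            findings.append((field, "unknown option"))
            continue
        if value == DEFAULTS[field]:
            findings.append((field, "left at weakest default " + value))
        elif value != options[-1]:
            findings.append((field, "stronger option available: " + options[-1]))
        if remote is not None and remote.get(field, DEFAULTS[field]) != value:
            findings.append((field, "differs from remote peer"))
    return sorted(findings)


# Constructed sample tunnels, not taken from a real device.
untouched = {}  # administrator only set the preshared key
hardened = {field: options[-1] for field, options in FIELDS.items()}
partial = dict(hardened, ipsec_enc="3DES", pfs="Group 2")

if __name__ == "__main__":
    for name, cfg in [("untouched", untouched), ("partial", partial)]:
        for field, issue in audit(cfg):
            print(f"{name}: {field}: {issue}")
    for field, issue in audit(hardened, remote=partial):
        print(f"hardened vs partial peer: {field}: {issue}")
```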
