PLANET CS-2000 User Manual

CS-2000 UTM Content Security Gateway User’s Manual

VPN

RSA

RSA is a kind of asymmetric cryptography. Each user has two keys. One is the secret key, which the user can use to encrypt when connected. The other is the open (public) key, which a sender can obtain once authenticated and use to encrypt data for the recipient.

Preshared Key

The Preshared Key is used to perform IPSec authentication in the VPN.

ISAKMP

The IP Security Association Key Management Protocol (ISAKMP) provides the way to create the Security Association (SA) between two PCs. The SA covers the encoding used between the two PCs, and the MIS engineer can assign which key size or Preshared Key and which algorithm to use. The SA also covers many connection options: for instance, using the ISAKMP SA between two PCs and assigning which ENC algorithm (DES, triple DES, 40 bytes DES, or none) and which authentication to use.

Main mode

When the IKE process starts in a VPN, main mode and aggressive mode are available to select. Main mode requests user authentication with 6 messages when starting the data exchange, which can enhance the security of the data transfer.

Aggressive mode

Aggressive mode still requests user authentication, but uses only 3 messages when starting the data exchange.
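The two modes can be told apart in captured IKE traffic by the exchange type field of the ISAKMP header. The following is an added example, not part of the manual: it assumes the fixed 28-byte header layout and exchange type values of RFC 2408, and the function names and sample headers are constructed for illustration.

```python
import struct

# Fixed ISAKMP header (RFC 2408, section 3.1): 28 bytes, network byte order.
HEADER = struct.Struct("!8s8sBBBBII")

# Exchange type values (RFC 2408); 2 is the exchange IKE calls main mode.
EXCHANGE_TYPES = {1: "base", 2: "main", 3: "auth-only", 4: "aggressive",
                  5: "informational", 32: "quick"}

def parse_isakmp_header(data: bytes) -> dict:
    """Decode the fixed header at the start of an IKE (UDP/500) payload."""
    if len(data) < HEADER.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, next_payload, version, xchg, flags, msg_id, length = \
        HEADER.unpack_from(data)
    if length < HEADER.size:
        raise ValueError("length field is smaller than the header itself")
    return {
        "initiator_cookie": icookie.hex(),
        # The responder cookie is all zero in the initiator's first message.
        "first_message": rcookie == bytes(8),
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_TYPES.get(xchg, f"unknown({xchg})"),
        "encrypted": bool(flags & 0x01),
        "message_id": msg_id,
        "length": length,
    }

def phase1_modes(payloads):
    """Return (initiator cookie, mode) for every opening phase 1 message."""
    found = []
    for data in payloads:
        try:
            hdr = parse_isakmp_header(data)
        except ValueError:
            continue  # not a complete ISAKMP header; skip it
        if hdr["first_message"] and hdr["exchange"] in ("main", "aggressive"):
            found.append((hdr["initiator_cookie"], hdr["exchange"]))
    return found

# Constructed sample headers (payloads omitted): cookie, zero responder cookie,
# next payload 1 (SA), version 1.0, exchange type, no flags, message ID 0.
def sample(cookie_hex: str, xchg: int) -> bytes:
    return HEADER.pack(bytes.fromhex(cookie_hex), bytes(8), 1, 0x10, xchg, 0, 0, 200)

SAMPLES = [sample("1111111111111111", 2), sample("2222222222222222", 4), b"\x00" * 10]

if __name__ == "__main__":
    for cookie, mode in phase1_modes(SAMPLES):
        print(cookie, mode)
```
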

AH (Authentication Header)

The Authentication Header is a mechanism for providing strong integrity and authentication for IP datagrams.

ESP

The Encapsulated Security Payload provides authentication and authentication testing. It also provides secure and protected data exchange.