
PLANET MH-2300 User Manual

Page 170


Gigabit Multi-Homing VPN Security Gateway

MH-2300


RSA

• An asymmetric cryptographic algorithm that uses a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.

Pre-Shared Key String

• A string of Unicode characters that is used to authenticate Layer Two Tunneling Protocol (L2TP) over Internet Protocol security (IPSec) connections.

ISAKMP (Internet Security Association and Key Management Protocol)

• A protocol that is used to establish Security Associations (SA) and cryptographic keys in an Internet environment. ISAKMP provides a framework for authentication and key exchange. It is designed to be key-exchange independent. Authenticated keying material for use with ISAKMP is provided by protocols such as Internet Key Exchange and Kerberized Internet Negotiation of Keys.

Main Mode

• When associating IKE certificates, the device offers a choice of main mode and aggressive mode. Main mode requires the two parties to exchange 6 messages before data exchange starts. These messages confirm the identity of both parties and ensure the security of the data transfer.

Aggressive Mode

• Aggressive mode requires the two parties to exchange 3 messages before data exchange starts. These messages confirm the identity of both parties and ensure the security of the data transfer.

AH (Authentication Header)

• The Authentication Header guarantees connectionless integrity and data origin authentication of IP datagrams.

ESP (Encapsulating Security Payload)

• The Encapsulating Security Payload provides confidentiality and integrity protection to IP datagrams.

DES (Data Encryption Standard)

• The Data Encryption Standard is a NIST-standard encryption algorithm that uses a 56-bit key.

3DES (Triple-DES)

• Triple DES is a block cipher formed from the Data Encryption Standard (DES) cipher by using it three times. It can achieve a key length of up to 168 bits.