Support User Manuals

ZyXEL Communications 792H Router User Manual

Open as PDF

of 428

Prestige 792H G.SHDSL Router

VPN Screens 14-23

Table 14-9 VPN Manual Key

LABEL DESCRIPTION

My IP Address Enter the WAN IP address of your Prestige. The Prestige uses its current WAN IP

address (static or dynamic) in setting up the VPN tunnel if you leave this field as

0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes.

Secure Gateway

Address

Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with

which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec

router has a dynamic WAN IP address (the IPSec Key Mode field must be set to

IKE).

Security Protocol

IPSec Protocol

Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP

protocol (RFC 2406) provides encryption as well as some of the services offered by

AH. If you select ESP here, you must select options from the Authentication

Algorithm field (described later).

Encryption Algorithm

Select DES, 3DES or NULL from the drop-down list box.

When DES is used for data communications, both sender and receiver must know the

same secret key, which can be used to encrypt and decrypt the message or to

generate and verify a message authentication code. The DES encryption algorithm

uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key.

As a result, 3DES is more secure than DES. It also requires more processing power,

resulting in increased latency and decreased throughput. Select NULL to set up a

tunnel without encryption. When you select NULL, you do not enter an encryption

key.

Encapsulation Key

(only with ESP)

With DES, type a unique key 8 characters long. With 3DES, type a unique key 24

characters long. Any characters may be used, including spaces, but trailing spaces

are truncated.

Authentication

Algorithm

Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and

SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data.

The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select

MD5 for minimal security and SHA-1 for maximum security.

Authentication Key Type a unique authentication key to be used by IPSec if applicable. Enter 16

characters for MD5 authentication or 20 characters for SHA-1 authentication. Any

characters may be used, including spaces, but trailing spaces are truncated.

Back

Click Back to return to the previous screen.

previous next