CS-500 Content Security Gateway User's Manual

ManualsBrandsPlanet Technology ManualsNetwork CardContent Security Gateway CS-500

101

102

103

104

105

106

107

108

109

110

Content Security Gateway User’s Manual

 Remote Gateway or Client – Dynamic IP: Select Remote Gateway or Client if there is only one user

or device and dials up to Internet with PPPoE or cable modem.

Preshared Key: The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long.

Encapsulation

ISAKMP Algorithm

ENC Algorithm: ESP Encryption Algorithm. ESP (Encapsulating Security Payload) provides

security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both

Encryption and Authentication. The available encryption algorithms including: 56 bit DES-CBC,

168-bit 3DES-CBC, AES 128-bit, AES 192-bit or AES 256-bit encryption algorithm. The default

algorithm 56 bit DES-CBC.

AUTH Method: Authentication Method. Selects MD5 (128-bit hash) or SHA-1 (160-bit hash)

authentication algorithm. In general, SHA-1 is more secured than MD5. The default algorithm is MD5.

 Group: Selects Group 1 (768-bit modulus), Group 2 (1024-bit modulus) or Group 5 (1536-bit

modulus). The larger the modulus, the more secure the generated key is. However, the larger the

modulus, the longer the key generation process takes. Both side of VPN tunnels must agree to

use the same group. The default algorithm is Group 1.

IPSec Algorithm: Select Data Encryption + Authentication or Authentication Only.

Data Encryption + Authentication

 Encryption Algorithm: Selects 56 bit DES-CBC, 168-bit 3DES-CBC, AES 128-bit, AES 192-bit or

AES 256-bit encryption algorithm. The default algorithm is 56 bit DES-CBC.

 Authentication Algorithm: Selects MD5 (128-bit hash) or SHA-1 (160-bit hash) authentication

algorithm. In general, SHA-1 is more secured than MD5. The default algorithm is MD5.

Authentication Only: Select this function the IPSec Algorithm will only be anthenticated with preshared

key.

Step 3: Configure Optional Item paremeters if necessary.

 Perfect Forward Secrecy: Select Group 1, Group 2 or Group 5 to enhances security by changing the

IPsec key at regular intervals, and ensuring that each key has no relationship to the previous key. The

default is NO-PFS.

 ISAKMP Lifetime: New keys will be generated whenever the lifetime of the old keys is exceeded. The

Administrator may enable this feature if needed and enter the lifetime in seconds to re-key. The default is

3600 seconds (one hours). Selection of small values could lead to frequent re-keying, which could affect

performance.

 IPSec Lifetime: New keys will be generated whenever the lifetime of the old keys is exceeded. The

Administrator may enable this feature if needed and enter the lifetime in seconds to re-key. The default is

28800 seconds (eight hours). Selection of small values could lead to frequent re-keying, which could affect

performance.

 Mode: Select Main mode or Aggressive mode algorithm.

- 96 -