Manualshelf

User`s guide

ManualsBrandsProxicast ManualsComputer equipmentLAN-Cell 2
241242243244245246247248249250
Chapter 10 IPSec VPN Config Screens
LAN-Cell 2 User’s Guide
250
Should ideally identify itself by a domain name or dynamic domain name (it must
otherwise have My Address set to 0.0.0.0)
Should use a WAN connectivity check to this LAN-Cell’s WAN IP address
If the remote IPSec router is not a LAN-Cell, you may also want to avoid setting the IPSec
rule to nailed up.
Encryption and Authentication Algorithms
In most LAN-Cells, you can select one of the following encryption algorithms for each
proposal. The encryption algorithms are listed here in order from weakest to strongest.
Data Encryption Standard (DES) is a widely used (but breakable) method of data
encryption. It applies a 56-bit key to each 64-bit block of data.
Triple DES (3DES) is a variant of DES. It iterates three times with three separate keys,
effectively tripling the strength of DES.
Advanced Encryption Standard (AES) is a newer method of data encryption that also uses
a secret key. AES applies a 128-bit key to 128-bit blocks of data. It is faster than 3DES.
Use the commands to have the AES encryption apply 192-bit or 256-bit keys to 128-bit blocks
of data.
You can select one of the following authentication algorithms for each proposal. The
algorithms are listed here in order from weakest to strongest.
MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.
IPSec SA Overview
Once the LAN-Cell and remote IPSec router have established the IKE SA, they can securely
negotiate an IPSec SA through which to send data between computers on the networks.
" The IPSec SA stays connected even if the underlying IKE SA is not available
anymore.
This section introduces the key components of an IPSec SA.
Local Network and Remote Network
In IPSec SA, the local network, the one(s) connected to the LAN-Cell, may be called the local
policy. Similarly, the remote network, the one(s) connected to the remote IPSec router, may be
called the remote policy.