User manual

ManualsBrandsSecure Computing ManualsComputer equipmentSG550

211

212

213

214

215

216

217

218

219

220

Virtual Private Networking

207

• SPI Number is the Security Parameters Index. It is a hexadecimal value and must

be unique. It is used to establish and uniquely identify the tunnel. The SPI is used to

determine which key is used to encrypt and decrypt the packets. It must be of the

form 0xhex, where hex is one or more hexadecimal digits and be in the range of

0x100-0xfff. This field appears when Manual Keying has been selected.

• Authentication Key is the ESP Authentication Key. It must be of the form 0xhex,

where hex is one or more hexadecimal digits. The hex part must be exactly 32

characters long when using MD5 or 40 characters long when using SHA1 (excluding

any underscore characters). This field appears when Manual Keying has been

selected.

• Encryption Key is the ESP Encryption Key. It must be of the form 0xhex, where hex

is one or more hexadecimal digits. The hex part must be exactly 16 characters long

when using DES or 48 characters long when using 3DES (excluding any underscore

characters). This field appears when Manual Keying has been selected.

• Cipher and Hash pull down menu contains the ESP encryption/authentication

algorithms that can be used for the tunnel. The option selected must correspond to

the encryption and authentication keys used. This pull down menu appears when

Manual Keying has been selected. The options include the following:

o 3des-md5-96 uses the encryption transform following the Triple-DES standard in

Cipher-Block-Chaining mode with authentication provided by HMAC and MD5

(96-bit authenticator). It uses a 192-bit 3DES encryption key and a 128-bit

HMAC-MD5 authentication key.

o 3des-sha1-96 uses the encryption transform following the Triple-DES standard in

Cipher-Block-Chaining mode with authentication provided by HMAC and SHA1

(96-bit authenticator). It uses a 192-bit 3DES encryption key and a 160-bit

HMAC-SHA1 authentication key.

o des-md5-96 uses the encryption transform following the DES standard in Cipher-

Block-Chaining mode with authentication provided by HMAC and MD5 (96-bit

authenticator). It uses a 56-bit 3DES encryption key and a 128-bit HMAC-MD5

authentication key.

o des-sha1-96 uses the encryption transform following the DES standard in Cipher-

Block-Chaining mode with authentication provided by HMAC and SHA1 (96-bit

authenticator). It uses a 56-bit DES encryption key and a 160-bit HMAC-SHA1

authentication key.

• Local Network is the network behind the local SG unit. This field appears when

Manual Keying has been selected.