User Guide

SonicWALL VPN Page 117
Phase 1 Encryption/Authentication - You can also select the encryption and
authentication method for the VPN tunnel. If you select IKE using
Pre-Shared Secret for your SA, you can select from one of four encryption methods:
- DES & MD5
- DES & SHA1
- 3DES & MD5
- 3DES & SHA1
These are listed in order from least secure to most secure. If network speed is
preferred, then select DES & MD5. If network security is preferred, select 3DES &
SHA1. To compromise between network speed and network security, select DES &
SHA1.
Phase 2 Encryption/Authentication - Each encryption method is described in the
step-by-step configuration instructions for IKE using Pre-shared Secret. However,
Phase 2 Encryption/Authentication is different for the Group VPN SA. The VPN
Client does not support ArcFour encryption methods, and you cannot disable
authentication in the VPN Client. The following encryption methods are available for
Group VPN and are listed in order from most secure to least secure:
- Strong Encrypt and Authenticate (ESP 3DES HMAC SHA1)
- Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)
- Strong Encrypt and Authenticate (ESP DES HMAC SHA1)
- Strong Encrypt and Authenticate (ESP DES HMAC MD5)
• If IKE using Pre-shared Secret is selected for the IPSec Keying Mode, the
Shared Secret field is displayed and you can type in your shared secret. If Group
VPN using Pre-shared Secret is selected, an alphanumeric key is automatically
generated.
Security Policy Settings using Manual Key
Manual Key is configured differently than IKE using Pre-shared Secret or Group
VPN. It requires an Incoming and Outgoing Security Parameter Index (SPI) as well as an
Encryption Key and Authentication Key.
Incoming SPI - Enter the Security Parameter Index (SPI) that the remote location
transmits to identify the Security Association used for the VPN Tunnel. The SPI may be
up to eight characters long and consists of hexadecimal characters. Valid
hexadecimal characters are "0" to "9", and "a" to "f" inclusive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
a, b, c, d, e, f). The hexadecimal values "0" to "ff" inclusive are reserved by the
Internet Engineering Task Force (IETF) and are not allowed for use as an SPI. These
numbers are not accepted by the SonicWALL when entered as an SPI; an error
message is displayed at the bottom of the Web browser window when Update is
pressed. For example, a valid SPI would be 1234abcd.
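
The Incoming SPI rules above, written as a check to run before entering values; this is an added example, not SonicWALL code. The function names are hypothetical, and two behaviours are assumptions: uppercase A-F is rejected, and the reserved range is tested numerically so that zero-padded forms such as 000000ff are refused as well.

```python
import re
import struct

# Rules from the paragraph above: at most eight hexadecimal characters,
# and the values 0 through ff are reserved.
_HEX = re.compile(r"[0-9a-f]{1,8}")
RESERVED_MAX = 0xFF

class SPIError(ValueError):
    """Raised when a string is not usable as a Manual Key SPI."""

def parse_spi(text):
    """Return the SPI as an integer, or raise SPIError with the reason."""
    s = text.strip()
    if not s:
        raise SPIError("SPI is empty")
    if len(s) > 8:
        raise SPIError("SPI is longer than eight characters")
    # Assumption: only the lowercase digits the guide lists are accepted,
    # so uppercase A-F is rejected rather than silently folded.
    if not _HEX.fullmatch(s):
        raise SPIError("SPI contains a non-hexadecimal character")
    value = int(s, 16)
    # Assumption: compare the numeric value, not the string, so that
    # zero-padded forms such as 000000ff are caught as reserved too.
    if value <= RESERVED_MAX:
        raise SPIError("SPI %s falls in the reserved range 0-ff" % s)
    return value

def spi_wire_bytes(text):
    """SPI as the 4-byte big-endian field carried in each ESP packet."""
    return struct.pack(">I", parse_spi(text))

def check_spis(candidates):
    """Map each candidate string to 'ok' or the rejection reason."""
    report = {}
    for c in candidates:
        try:
            parse_spi(c)
            report[c] = "ok"
        except SPIError as exc:
            report[c] = str(exc)
    return report

if __name__ == "__main__":
    # Constructed sample inputs; only 1234abcd comes from the guide.
    samples = ["1234abcd", "ff", "000000ff", "100", "12g4", "123456789"]
    for spi, verdict in check_spis(samples).items():
        print("%-10s %s" % (spi, verdict))
```

The bytes returned by spi_wire_bytes are what to look for at the start of the ESP header when matching a packet capture against a configured SA.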
integrated_manual.book Page 117 Friday, October 12, 2001 2:56 PM