User Guide

SonicWALL VPN Page 137
5. In the Incoming SPI field, define an SPI (Security Parameter Index) that the remote
SonicWALL uses to identify the Security Association.
6. In the Outgoing SPI field, define an SPI that the local SonicWALL uses to identify the
Security Association.
Note: SPIs should range from 3 to 8 characters in length and include only hexadecimal
characters. Valid hexadecimal characters are “0” to “9”, and “a” to “f” inclusive (0, 1,
2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). If you enter an invalid SPI, an error message will
be displayed at the bottom of the browser window. An example of a valid SPI is
1234abcd.
Note: Each Security Association must have unique SPIs; no two Security Associations
can share the same SPIs. However, each Security Association's Incoming SPI can be
the same as its Outgoing SPI.
7. Select an encryption algorithm from the Encryption Method menu. The SonicWALL
supports the following encryption algorithms:
- Tunnel Only (ESP NULL) does not provide encryption or authentication. This
  option offers access to computers at private addresses behind NAT and allows
  unsupported services through the SonicWALL.
- Encrypt (ESP DES) uses 56-bit DES to encrypt data. DES is an extremely secure
  encryption method, supporting over 72 quadrillion possible encryption keys that can
  be used to encrypt data.
- Fast Encrypt (ESP ARCFour) uses 56-bit ARCFour to encrypt data. ARCFour is a
  secure encryption method and has little impact on the throughput of the SonicWALL.
- Strong Encrypt (ESP 3DES) uses 168-bit 3DES (Triple DES) to encrypt data. 3DES
  is considered an almost "unbreakable" encryption method, applying three DES keys in
  succession, but it significantly impacts the data throughput of the SonicWALL.
- Strong Encrypt and Authenticate (ESP 3DES HMAC MD5) uses 168-bit 3DES
  encryption and HMAC MD5 authentication. 3DES is an extremely secure encryption
  method, and HMAC MD5 authentication is used to verify integrity. This method
  significantly impacts the data throughput of the SonicWALL.
- Encrypt for Check Point (ESP DES rfc1829) is interoperable with Check Point
  Firewall-1. In Manual Keying mode, Encrypt for Check Point uses 56-bit DES as
  specified in RFC 1829 as the encryption method.
- Encrypt and Authenticate (ESP DES HMAC MD5) uses 56-bit DES encryption
  and HMAC MD5 authentication. This method impacts the data throughput of VPN
  communications. SonicWALL VPN client software supports this method.
- Authenticate (AH MD5) uses AH to authenticate VPN communications but it does
  not encrypt data.
8. Enter a 16-character hexadecimal key in the Encryption Key field if you are using DES
or ARCFour encryption. Enter a 48-character hexadecimal key if you are using Triple
DES encryption. This encryption key must match the remote SonicWALL's encryption
key.
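The SPI and key-length rules from steps 5 to 8 can be checked before the values are typed into the management interface. The following is an added example, not SonicWALL code: the dictionary field names, the SA names and the sample key values are constructed for illustration, and it assumes that the methods without an encryption key length in step 8 (ESP NULL, AH MD5) take no encryption key.

```python
import re
from collections import defaultdict

# Rules taken from the notes above: 3 to 8 characters, only 0-9 and a-f.
SPI_RE = re.compile(r"[0-9a-f]{3,8}")
HEX_RE = re.compile(r"[0-9a-f]+")

# Encryption key length in hex characters per Encryption Method (step 8).
# Methods without an entry (ESP NULL, AH MD5) are assumed to take no
# encryption key; the page does not say so explicitly.
KEY_HEX_LEN = {
    "ESP DES": 16, "ESP ARCFour": 16, "ESP DES rfc1829": 16,
    "ESP DES HMAC MD5": 16, "ESP 3DES": 48, "ESP 3DES HMAC MD5": 48,
}

def validate_sas(sas):
    """Return a sorted list of (sa_name, problem) for a list of SA dicts."""
    problems = []
    spi_users = defaultdict(set)  # SPI value -> names of SAs that use it
    for sa in sas:
        name = sa["name"]
        for field in ("incoming_spi", "outgoing_spi"):
            spi = sa[field]
            if SPI_RE.fullmatch(spi):
                spi_users[spi].add(name)
            else:
                problems.append((name, f"{field} {spi!r} is not 3-8 hex characters"))
        want = KEY_HEX_LEN.get(sa["method"])
        key = sa.get("encryption_key", "")
        if want is not None and not (len(key) == want and HEX_RE.fullmatch(key)):
            problems.append((name, f"encryption key must be {want} hex characters"))
    # Incoming == Outgoing inside one SA is allowed; reuse across SAs is not.
    for spi, names in spi_users.items():
        if len(names) > 1:
            for n in names:
                problems.append((n, f"SPI {spi} is shared with another SA"))
    return sorted(problems)

# Constructed sample configuration (hypothetical names and key values).
SAMPLE = [
    {"name": "branch-a", "method": "ESP 3DES", "incoming_spi": "1234abcd",
     "outgoing_spi": "1234abcd", "encryption_key": "0123456789abcdef" * 3},
    {"name": "branch-b", "method": "ESP DES", "incoming_spi": "1234abcd",
     "outgoing_spi": "9z", "encryption_key": "0123456789abcdef" * 3},
]

if __name__ == "__main__":
    for name, problem in validate_sas(SAMPLE):
        print(f"{name}: {problem}")
```

The check treats uppercase hexadecimal digits as invalid because the note lists only "a" to "f".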
integrated_manual.book Page 137 Friday, October 12, 2001 2:56 PM