User Guide
SonicWALL VPN Page 143
5. Select Group 2 from the Phase 1 DH Group menu.
6. Define the length of time before an IKE Security Association automatically renegotiates
in the SA Life Time (secs) field. The SA Life Time can range from 120 to 9,999,999
seconds.
Note: A short SA Life Time increases security by forcing the two VPN gateways to
update the encryption and authentication keys. However, every time the VPN tunnel
renegotiates, users accessing remote resources are disconnected. Therefore, the
default SA Life Time of 28,800 seconds (8 hours) is recommended.
7. Select DES & SHA1 from the Phase 1 Encryption/Authentication menu.
8. Select the appropriate encryption algorithm from the Phase 2 Encryption/Authentication
menu. The SonicWALL supports the following encryption algorithms:
• Tunnel Only (ESP NULL) does not provide encryption or authentication, but offers
access to machines at private addresses behind NAT. It also allows unsupported
services through the SonicWALL.
• Encrypt (ESP DES) uses 56-bit DES to encrypt data. DES is an extremely secure
encryption method, supporting over 72 quadrillion possible encryption keys that can
be used to encrypt data.
• Fast Encrypt (ESP ARCFour) uses 56-bit ARCFour to encrypt data. ARCFour is a
secure encryption method, and has less impact on throughput than DES or Triple
DES. This encryption method is recommended for all but the most sensitive data.
• Strong Encrypt (ESP 3DES) uses 168-bit 3DES (Triple DES) to encrypt data. 3DES
is considered an almost "unbreakable" encryption method, applying three DES keys in
succession, but it significantly impacts the data throughput of the SonicWALL.
• Strong Encrypt and Authenticate (ESP 3DES HMAC MD5) uses 168-bit 3DES
encryption and HMAC MD5 authentication. 3DES is an extremely secure encryption
method, and HMAC MD5 authentication is used to verify integrity. This method
significantly impacts the data throughput of the SonicWALL.
• Encrypt for Check Point (ESP DES HMAC MD5) uses 56-bit DES to encrypt data
and is compatible with Check Point Firewall-1. This method impacts the data
throughput of the SonicWALL.
• Encrypt and Authenticate (ESP DES HMAC MD5) uses 56-bit DES encryption
and HMAC MD5 authentication. This method impacts the data throughput of VPN
communications. SonicWALL VPN client software supports this method.
• Authenticate (AH MD5) uses AH to authenticate the VPN communications but it
does not encrypt data.
9. Enter an alphanumeric “secret” in the Shared Secret field. The Shared Secret must
match the corresponding field in the remote SonicWALL. This field can range from 4 to
128 characters in length and is case sensitive.
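The field limits in steps 6 and 9 and the Phase 2 menu in step 8 can be checked for both gateways before the values are entered. The following is an added example, not part of the original guide or any SonicWALL tool; the dictionary layout, function names and sample values are hypothetical, and whether a method carries an integrity check is read from the menu entry's name.

```python
# Added example. Limits and method properties are transcribed from steps 6-9;
# the dict layout and function names are hypothetical, not a SonicWALL interface.
SA_LIFETIME_SECS = (120, 9_999_999)   # step 6 range; the guide's default is 28,800
SECRET_LENGTH = (4, 128)              # step 9 range, in characters

# Phase 2 menu entry -> (encryption key bits, 0 = none; HMAC or AH named in the entry)
PHASE2 = {
    "Tunnel Only (ESP NULL)": (0, False),
    "Encrypt (ESP DES)": (56, False),
    "Fast Encrypt (ESP ARCFour)": (56, False),
    "Strong Encrypt (ESP 3DES)": (168, False),
    "Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)": (168, True),
    "Encrypt for Check Point (ESP DES HMAC MD5)": (56, True),
    "Encrypt and Authenticate (ESP DES HMAC MD5)": (56, True),
    "Authenticate (AH MD5)": (0, True),
}

def check_gateway(cfg):
    """Return findings for one gateway's planned settings."""
    findings = []
    if not SA_LIFETIME_SECS[0] <= cfg["sa_lifetime"] <= SA_LIFETIME_SECS[1]:
        findings.append("sa_lifetime outside 120-9,999,999 seconds")
    secret = cfg["shared_secret"]
    if not SECRET_LENGTH[0] <= len(secret) <= SECRET_LENGTH[1]:
        findings.append("shared_secret length outside 4-128 characters")
    if not secret.isalnum():
        findings.append("shared_secret is not alphanumeric")
    if cfg["phase2"] not in PHASE2:
        return findings + ["phase2 is not one of the listed methods"]
    key_bits, integrity = PHASE2[cfg["phase2"]]
    if key_bits == 0:
        findings.append("phase2 does not encrypt data")
    if not integrity:
        findings.append("phase2 has no integrity check")
    return findings

def check_pair(local, remote):
    """Check both ends, then the one cross-gateway rule the guide states."""
    findings = {"local": check_gateway(local), "remote": check_gateway(remote)}
    a, b = local["shared_secret"], remote["shared_secret"]
    if a == b:
        findings["pair"] = []
    elif a.lower() == b.lower():
        findings["pair"] = ["shared_secret differs only by letter case"]
    else:
        findings["pair"] = ["shared_secret does not match"]
    return findings
```

Calling check_pair with two settings dictionaries returns separate finding lists for each gateway and for the pair, so a case-only difference in the Shared Secret is reported apart from a complete mismatch.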
integrated_manual.book Page 143 Friday, October 12, 2001 2:56 PM










