Mitel WRV54G User Manual

34

Chapter 6: Configuring the Wireless-G VPN Broadband Router
The Security Tab - VPN

Wireless-G VPN Broadband Router

Encryption Algorithm. Select a method of encryption, DES or 3DES. This determines the length of the key
used to encrypt or decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. 3DES is
recommended because it is more secure. Make sure both ends of the VPN tunnel use the same encryption
method.

Encryption Key. This field specifies a key used to encrypt and decrypt IP traffic. Enter a key of hexadecimal
values. If DES is selected, the Encryption Key is 16-bit, which requires 16 hexadecimal values. If you do not
enter enough hexadecimal values, then the rest of the Encryption Key will be automatically completed with
zeroes, so the Encryption Key will be 16-bit. If 3DES is selected, the Encryption Key is 48-bit, which requires
40 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Encryption Key
will be automatically completed with zeroes, so the Encryption Key will be 48-bit. Make sure both ends of the
VPN tunnel use the same Encryption Key.

Authentication Algorithm. Select a method of authentication, MD5 or SHA1. The Authentication method
determines how the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit
digest. SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA1 is recommended because it
is more secure. Make sure both ends of the VPN tunnel use the same authentication method.

Authentication Key. This field specifies a key used to authenticate IP traffic. Enter a key of hexadecimal
values. If MD5 is selected, the Authentication Key is 32-bit, which requires 32 hexadecimal values. If you do
not enter enough hexadecimal values, then the rest of the Authentication Key will be automatically completed
with zeroes until it has 32 hexadecimal values. If SHA is selected, the Authentication Key is 40-bit, which
requires 40 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the
Authentication Key will be automatically completed with zeroes until it has 40 hexadecimal values. Make sure
both ends of the VPN tunnel use the same Authentication Key.

Inbound & Outbound SPI (Security Parameter Index). SPI is carried in the ESP (Encapsulating Security
Payload Protocol) header and enables the receiver and sender to select the SA, under which a packet should
be processed. Hexadecimal values is acceptable, and the valid range is 100~ffffffff. Each tunnel must have a
unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. The Incoming SPI here must match
the Outgoing SPI value at the other end of the tunnel, and vice versa.

Status

The status information for the Router’s VPN tunnels is displayed here. Click the Disconnect button to terminate
the VPN connection.

When you have finished making changes to the screen, click the Save Settings button to save the changes, or
click the Cancel Changes button to undo your changes. For help information, click More.

Figure 6-30: Key Exchange Method - Manual