SnapGear 2.0.1 User Manual

Page 129

Advertising
background image

Virtual Private Networking

125

Other options

The following options will become available on this page depending on what has been
configured previously:

The next IP address on the interface the tunnel is to go on field is the next

gateway IP address or nexthop along the previously selected IPSec interface. This
field will become available if an interface other than the default gateway was selected
for the tunnel to go out on.

SPI Number field is the Security Parameters Index. It is a hexadecimal value and

must be unique. It is used to establish and uniquely identify the tunnel. The SPI is
used to determine which key is used to encrypt and decrypt the packets. It must be
of the form 0xhex, where hex is one or more hexadecimal digits and be in the range
of 0x100-0xfff. This field appears when Manual Keying has been selected.

Authentication Key field is the ESP Authentication Key. It must be of the form

0xhex, where hex is one or more hexadecimal digits. The hex part must be exactly
32 characters long when using MD5 or 40 characters long when using SHA1
(excluding any underscore characters). This field appears when Manual Keying has
been selected.

Encryption Key field is the ESP Encryption Key. It must be of the form 0xhex, where

hex is one or more hexadecimal digits. The hex part must be exactly 16 characters
long when using DES or 48 characters long when using 3DES (excluding any
underscore characters). This field appears when Manual Keying has been selected.

Cipher and Hash pull down menu contains the ESP encryption/authentication

algorithms that can be used for the tunnel. The option selected must correspond to
the encryption and authentication keys used. This pull down menu appears when
Manual Keying has been selected. The options include the following:

o

3des-md5-96 uses the encryption transform following the Triple-DES standard in

Cipher-Block-Chaining mode with authentication provided by HMAC and MD5
(96-bit authenticator). It uses a 192-bit 3DES encryption key and a 128-bit
HMAC-MD5 authentication key.

o

3des-sha1-96 uses the encryption transform following the Triple-DES standard in

Cipher-Block-Chaining mode with authentication provided by HMAC and SHA1
(96-bit authenticator). It uses a 192-bit 3DES encryption key and a 160-bit
HMAC-SHA1 authentication key.

Advertising
Popular Brands
Popular manuals