SonicWALL Internet Security Appliances User Manual

Page 184 SonicWALL Internet Security Appliance Administrator’s Guide

•

Phase 1 Encryption/Authentication - select an encryption method from the Encryption/Authen-
tication for the VPN tunnel. If you select IKE using Pre-Shared Secret for your SA, you can select
from one of eight encryption methods:

*

AES support is available only on the PRO 230 and PRO 330.

The encryption methods are listed in order from least secure to most secure. If network speed
is preferred, then select DES & MD5. If network security is preferred, select 3DES & SHA1. To
compromise between network speed and network security, select DES & SHA1. AES (Advanced
Encryption Standard) is an encryption method for securing sensitive but unclassified material
by U.S. Government agencies.

Phase 2 Encryption/Authentication - The following encryption methods are available for IKE using
Preshared Secret:

- Tunnel Only (ESP Null) - does not provide encryption or authentication. This option offers
access to computers at private addresses behind NAT and allows unsupported services through
the SonicWALL.
- Encrypt (ESP DES) - uses 56-bit DES to encrypt data. DES is an extremely secure encryption
method supporting over 72 quadrillion possible encryption keys to encrypt data.
- Fast Encrypt (ESP ARCFour) - uses 56-bit ARCFour to encrypt data. ARCFour is a secure
encryption method and has little impact on the throughput of the SonicWALL.
- Strong Encrypt (ESP 3DES) - uses 168-bit 3DES (Triple DES) to encrypt data. 3DES is
considered to be an almost “unbreakable” encryption method, applying three DES keys in
succession, but it significantly impacts the data throughput of the SonicWALL.
- Strong Encrypt and Authenticate (ESP 3DES HMAC MD5) - uses 168-bit 3DES encryption and
HMAC MD5 authentication. 3DES is an extremely secure encryption method, and HMAC MD5 is
used to verify integrity. This method significantly impacts the data throughput of the SonicWALL.
- Strong Encrypt for Checkpoint (ESP 3DES) - interoperable with CheckPoint Firewall-1. In
manual key mode, Encrypt for CheckPoint uses 168-bit DES to encrypt data.
- Strong Encrypt and Authenticate (ESP 3DES HMAC SHA1) - uses 168-bit 3DES encryption and
HMAC SHA1 authentication. 3DES is an extremely secure encryption method, and HMAC SHA1
is used to verify integrity. This method significantly impacts the data throughput of the
SonicWALL.
- Encrypt for Checkpoint (ESP DES HMAC MD5) - uses 56-bit DES encryption and HMAC MD5
authentication. This method is compatible with CheckPoint Firewall-1.

DES & MD5

AES-128 & MD5

*

DES & SHA1

AES-128 & SHA1

*

3DES & MD5

AES-256 & MD5

*

3DES & SHA1

AES-256 & SHA1

*