SonicWALL Internet Security Appliances User Manual

Page 184

Advertising
background image

SonicWALL VPN Page 185

- Encrypt and Authenticate (ESP DES HMAC MD5) - uses 56-bit DES encryption and HMAC MD5
authentication. This method impacts the data throughput of VPN communications. SonicWALL
VPN client supports this method.
- Authenticate (AH MD5) - uses AH to authenticate and MD5 to generate a 128-bit message
digest.
- Authenticate (AH SHA1) - uses AH to authenticate and SHA1 to generate a 160-bit message
digest.
- Authenticate (ESP MD5) - authenticates using ESP as the security protocol and MD5 to
generate a 128-bit message digest.
- Authenticate (ESP SHA1) - authenticates using ESP as the security protocol and SHA1 to
generate a 160-bit message digest.
- Encrypt and Authenticate (ESP DES HMAC SHA1) - uses 56-bit DES encryption and HMAC SHA1
authentication.
- Strong Encrypt (ESP AES-128) - uses ESP to authenticate and 128-bit AES to encrypt.
- Strong Encrypt and Authenticate (ESP AES-128 HMAC MD5) - uses 128-bit AES encryption and
HMAC MD5 authentication.
- Strong Encrypt and Authenticate (ESP AES-128 HMAC SHA1) - uses 128-bit AES encryption and
HMAC SHA1 authentication.

*

AES support is available only on the PRO 230 and PRO 330.

If IKE using Pre-shared Secret is selected for the IPSec Keying Mode, the Shared Secret field is
displayed and you can enter your shared secret.

Security Policy Settings using Manual Key

Manual Key is configured differently than IKE using Pre-shared Secret or Group VPN. It requires an
Incoming and Outgoing Security Parameter Index (SPI) as well as an Encryption Key and
Authentication Key.

Incoming SPI - Enter the Security Parameter Index (SPI) that the remote location transmits to
identify the Security Association used for the VPN Tunnel. The SPI may be up to eight characters
long and is comprised of hexadecimal characters. Valid hexadecimal characters are "0" to "9",
and "a" to "f" inclusive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f).

Outgoing SPI - Enter the Security Parameter Index (SPI) that the local SonicWALL transmits to
identify the Security Association used for the VPN Tunnel. The SPI may be up to eight characters
long and is comprised of hexadecimal characters.

Tip A Security Association's SPI must be unique when compared to SPIs used in other Security
Associations. However, a Security Association's Incoming SPI may be the same as the Outgoing SPI.

Advertising
Popular Brands
Popular manuals