Appendix f - basic vpn terms and concepts – SonicWALL Internet Security Appliances User Manual

Page 274 SonicWALL Internet Security Appliance Administrator’s Guide

Appendix F - Basic VPN Terms and Concepts

•

VPN Tunnel

A VPN Tunnel is a term that describes a connection between two or more private nodes or LANs
over a public network, typically the Internet. Encryption is often used to maintain the
confidentiality of private data when traveling over the Internet.

•

Encryption

Encryption is a mathematical operation that transforms data from "clear text" (something that
a human or a program can interpret) to "cipher text" (something that cannot be interpreted).
Usually the mathematical operation requires that an alphanumeric "key" be supplied along with
the clear text. The key and clear text are processed by the encryption operation, which leads to
data scrambling that makes encryption secure. Decryption is the opposite of encryption: it is a
mathematical operation that transforms cipher text to clear text.

•

Key

A key is an alphanumeric string used by the encryption operation to transform clear text into
cipher text. A key is comprised of hexadecimal characters (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d,
e, f). A valid key would be 1234567890abcdef. Keys used in VPN communications can range
in length, but typically consist of 16 or 32 characters. The longer the key, the more difficult it is
to break the encryption.

•

Asymmetric vs. Symmetric Cryptography

Asymmetric and symmetric cryptography refer to the keys used to authenticate, or encrypt and
decrypt the data.

Asymmetric cryptography, or public key cryptography, uses two keys for verification.
Organizations, such as RSA Data Security and Verisign, support asymmetric cryptography.

With symmetric cryptography, the same key is used to authenticate on both ends of the VPN.
Symmetric cryptography, or secret key cryptography, is usually faster than asymmetric
cryptography. Therefore symmetric algorithms are often used when large quantities of data
have to be exchanged. SonicWALL VPN uses Symmetric Cryptography. As a result, the key on
both ends of the VPN tunnel must match exactly.

•

Security Association (SA)

A Security Association (SA) is a group of security settings related to a specific VPN tunnel. A
Security Association groups together all of the settings necessary to create a VPN tunnel.
Different SAs can be created to connect branch offices, allow secure remote management, and
pass unsupported traffic. All Security Associations require a specified Encryption Method, IPSec
Gateway Address and Destination Network Address. IKE includes a Shared Secret. Manual
Keying includes two SPIs and an Encryption and Authentication Key.