Vpn screens, Vpn/ipsec overview, Ipsec algorithms – ZyXEL Communications 792H User Manual

Prestige 792H G.SHDSL Router

VPN Screens

14-1

Chapter 14

VPN Screens

This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and

the Reference Guide for IPSec log description

14.1 VPN/IPSec Overview

Use the screens documented in this chapter to configure rules for VPN connections and manage VPN
connections.

14.2 IPSec Algorithms

The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec
VPN. An SA is built from the authentication provided by the AH and ESP protocols. The primary function
of key management is to establish and maintain the SA between systems. Once the SA is established, the
transport of data may commence.

14.2.1 AH (Authentication Header) Protocol

AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance),
and non-repudiation but not for confidentiality, for which the ESP was designed.
In applications where confidentiality is not required or not sanctioned by government encryption restrictions,
an AH can be employed to ensure integrity. This type of implementation does not protect the information
from dissemination but will allow for verification of the integrity of the information and authentication of the
originator.

14.2.2 ESP (Encapsulating Security Payload) Protocol

The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. ESP
authenticating properties are limited compared to the AH due to the non-inclusion of the IP header
information during the authentication process. However, ESP is sufficient if only the upper layer protocols
need to be authenticated.
An added feature of the ESP is payload padding, which further protects communications by concealing the
size of the packet being transmitted.