Billion Electric Company BiPAC 8501/8521 User Manual

Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router

Chapter 4: Configuration

109

o

SHA1: A one-way hashing algorithm that produces a 160−bit hash.

• Encryption: Select the encryption method from the pull-down menu. There are several

options, DES, 3DES, AES (128, 192 and 256) and NULL. NULL means it is a tunnel only
with no encryption. 3DES and AES are more powerful but increase the latency.

o

DES: Stand for Data Encryption Standard, it uses 56 bits as an encryption method.

o

3DES: Stand for Triple Data Encryption Standard, it uses 168 (56*3) bits as an

encryption method.

o

AES: Stand for Advanced Encryption Standards, you can use 128, 192 or 256 bits

encryption method.

• Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-

key cryptography to change the encryption keys during second phase of VPN negotiation.
This function will provide better security, but extends the VPN negotiation time. Diffie-
Hellman is a public-key cryptography protocol that allows two parties to establish a
shared secret over an unsecured communication channel (i.e. over the Internet). There
are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for
Modular Exponentiation Groups.

• Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to

128 characters. Both sides should use the same key. IKE is used to establish a shared
security policy and authenticated keys for services (such as IPSec) that require a key.
Before any IPSec traffic can be passed, each router must be able to verify the identity of
its peer. This can be done by manually entering the pre-shared key to the router or hosts
at both ends.

Select the Apply button to apply your changes.