Loading ...
Loading ...
Loading ...
123
Encapsulating Security • Protocol
Select ESP.
• Encryption
Select DES, 3DES, AES-CBC 128, or AES-CBC 256.
• Hash
Select MD5, SHA1, SHA256, SHA384, or SHA512.
• SA Lifetime
Specify the IKE SA lifetime.
Type the time (seconds) and number of kilobytes (KByte).
• Encapsulation Mode
Select Transport or Tunnel.
• Remote Router IP-Address
Type the IP address (IPv4 or IPv6) of the remote router. Enter this
information only when the Tunnel mode is selected.
Perfect Forward Secrecy (PFS) PFS does not derive keys from previous keys that were used to encrypt
messages. In addition, if a key that is used to encrypt a message was derived
from a parent key, that parent key is not used to derive other keys. Therefore,
even if a key is compromised, the damage will be limited only to the
messages that were encrypted using that key.
Select Enabled or Disabled.
Authentication Method Select the authentication method. Select Pre-Shared Key, Certificates, EAP
- MD5, or EAP - MS-CHAPv2.
Option Description
ESP is a protocol for carrying out encrypted communication using
IPsec. ESP encrypts the payload (communicated contents) and adds
additional information. The IP packet comprises the header and the
encrypted payload, which follows the header. In addition to the
encrypted data, the IP packet also includes information regarding the
encryption method and encryption key, the authentication data, and
so on.
SA (Security Association) is an encrypted communication method
using IPsec or IPv6 that exchanges and shares information, such as
the encryption method and encryption key, in order to establish a
secure communication channel before communication begins. SA
may also refer to a virtual encrypted communication channel that has
been established. The SA used for IPsec establishes the encryption
method, exchanges the keys, and carries out mutual authentication
according to the IKE (Internet Key Exchange) standard procedure. In
addition, the SA is updated periodically.
EAP is an authentication protocol that is an extension of PPP. By
using EAP with IEEE802.1x, a different key is used for user
authentication during each session.
The following settings are necessary only when EAP - MD5 or EAP -
MS-CHAPv2 is selected in Authentication Method:
• Mode
Select Server-Mode or Client-Mode.
• Certificate
Select the certificate.
• User Name
Type the user name (up to 32 characters).
• Password
Type the password (up to 32 characters). The password must be
entered two times for confirmation.
Loading ...
Loading ...
Loading ...