ZyXEL Communications NWD-210N - FOR MAC V1.00 Guide de l'utilisateur Page 134
- Page / 292
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 18 IPSec VPN
NBG5715 User’s Guide
134
18.5.2 Manual Key Setup
Manual key management is useful if you have problems with IKE key management.
18.5.2.1 Security Parameter Index (SPI)
An SPI is used to distinguish different SAs terminating at the same destination and using the same
IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The SPI (Security
Parameter Index) along with a destination IP address uniquely identify a particular Security
Association (SA). The SPI is transmitted from the remote VPN gateway to the local VPN gateway.
The local VPN gateway then uses the network, encryption and key values that the administrator
associated with the SPI to establish the tunnel.
Key Group You must choose a key group for phase 1 IKE setup. DH1 refers to Diffie-
Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group
2 a 1024 bit (1Kb) random number.
Phase 2
Encapsulation
Mode
Select Tunnel mode or Transport mode from the drop-down list box.
IPSec Protocol Select the security protocols used for an SA.
Both AH and ESP increase processing requirements and communications
latency (delay).
If you select ESP here, you must select options from the Encryption
Algorithm and Authentication Algorithm fields (described below).
Encryption
Algorithm
Select which key size and encryption algorithm to use for data communications.
Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG5715 and the remote IPSec router must use the same algorithms and
key , which can be used to encrypt and decrypt the message or to generate and
verify a message authentication code. Longer keys require more processing
power, resulting in increased latency and decreased throughput.
Authentication
Algorithm
Select which hash algorithm to use to authenticate packet data. Choices are
SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also
slower.
SA Life Time Define the length of time before an IKE or IPSec SA automatically renegotiates
in this field. It may range from 1 to 2,000,000,000 seconds.
A short SA Life Time increases security by forcing the two VPN gateways to
update the encryption and authentication keys. However, every time the VPN
tunnel renegotiates, all users accessing remote resources are temporarily
disconnected.
Key Group You must choose a key group for phase 1 IKE setup. DH1 refers to Diffie-
Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group
2 a 1024 bit (1Kb) random number.
Back Click Back to return to the previous screen.
Apply Click Apply to save your changes back to the NBG5715.
Cancel Click Cancel to restore your previous settings.
Table 54 Security > IPSec VPN > General > Edit: IKE (continued)
LABEL DESCRIPTION
- Default Login Details 1
- About This User's Guide 3
- Need More Help? 4
- Customer Support 4
- Document Conventions 5
- Icons Used in Figures 6
- Safety Warnings 7
- Contents Overview 10
- NBG5715 User’s Guide 10
- Table of Contents 11
- Table of Contents 13
- User’s Guide 19
- CHAPTER 1 21
- 1.2 Applications 22
- 1.5 LEDs 23
- CHAPTER 2 25
- CHAPTER 3 26
- 3.2.1 The Menus 28
- CHAPTER 4 33
- 4.2.2 Weather Edit 34
- 4.3 Resetting the NBG5715 35
- CHAPTER 5 37
- 5.3 The Log Screen 38
- 5.4 DHCP Table 38
- 5.5 Packet Statistics 40
- 5.6 VPN Monitor 41
- Chapter 5 Monitor and Summary 42
- CHAPTER 6 43
- CHAPTER 7 44
- 7.3 Navigation Panel 45
- Status Screen 45
- 7.4 Network Map 46
- 7.5 Control Panel 47
- 7.5.1 Game Engine 48
- 7.5.2 Power Saving 48
- 7.5.3 Content Filter 49
- 7.5.4 Bandwidth MGMT 50
- 7.5.5 Firewall 51
- 7.5.6 Wireless Security 51
- 7.5.7 WPS 52
- Chapter 7 Easy Mode 54
- ITEM DESCRIPTION 54
- CHAPTER 8 55
- to open the status screen 56
- 8.2.1 Navigation Panel 58
- Chapter 8 Router Mode 59
- LINK TAB FUNCTION 59
- Chapter 8 Router Mode 60
- CHAPTER 9 61
- Wireless Client 62
- Access Point 62
- 9.2.2 PIN Configuration 63
- Wireless LAN Mode 2.4G 64
- SSID SSID_Example3 64
- Channel 6 64
- Security WPA-PSK 64
- Chapter 9 Tutorials 66
- Technical Reference 69
- CHAPTER 10 71
- Encapsulation Method 72
- WAN IP Address 72
- DNS Server Address Assignment 72
- WAN MAC Address 72
- 10.4 The Broadband Screen 73
- 10.4.2 PPPoE Encapsulation 75
- Chapter 10 WAN 76
- 10.5 The Advanced Screen 77
- CHAPTER 11 79
- 11.1.2 What You Should Know 80
- 11.3 Wireless Security Modes 84
- 11.3.2 WEP Encryption 85
- 11.3.3 WPA-PSK/WPA2-PSK 86
- 11.3.4 WPA/WPA2 87
- 11.4 The MAC Filter Screen 88
- 11.6 The QoS Screen 90
- 11.7 The WPS Screen 91
- 11.8 The WPS Station Screen 92
- 11.9 The Scheduling Screen 93
- Chapter 11 Wireless LAN 94
- CHAPTER 12 95
- 12.3 What You Need To Know 96
- 12.4 The LAN IP Screen 97
- 12.5 The IP Alias Screen 97
- Chapter 12 LAN 98
- CHAPTER 13 99
- 13.4 The Client List Screen 101
- CHAPTER 14 103
- 14.1.2 What You Need To Know 104
- 14.2 The NAT General Screen 105
- 14.4 The NAT Advance Screen 109
- 14.5 Technical Reference 110
- Chapter 14 NAT 112
- CHAPTER 15 113
- CHAPTER 16 115
- Chapter 16 Static Route 117
- LABEL DESCRIPTION 117
- Chapter 16 Static Route 118
- CHAPTER 17 119
- What is a Firewall? 120
- Stateful Inspection Firewall 120
- About the NBG5715 Firewall 120
- Chapter 17 Firewall 123
- CHAPTER 18 124
- 18.3 What You Need To Know 125
- 18.4 The General Screen 126
- 18.5 Edit VPN Rule 128
- 18.5.1 IKEKey Setup 129
- Chapter 18 IPSec VPN 133
- 18.5.2 Manual Key Setup 134
- 18.6 The SA Monitor Screen 139
- 18.7 Technical Reference 139
- 18.7.1 IPSec Architecture 140
- 18.7.2 Encapsulation 141
- 18.7.3 IKE Phases 142
- 18.7.5 IPSec and NAT 143
- 18.7.7 ID Type and Content 144
- 18.7.8 Pre-Shared Key 145
- CHAPTER 19 147
- 19.4 General Screen 148
- 19.5 Advance Screen 148
- CHAPTER 20 152
- 20.4 WWW Screen 153
- 20.5 Telnet Screen 154
- CHAPTER 21 155
- 21.3 UPnP Screen 156
- 21.4 Technical Reference 156
- CHAPTER 22 163
- 22.4 Password Screen 164
- 22.5 Time Setting Screen 165
- 22.6 Firmware Upgrade Screen 166
- 22.7 Backup/Restore Screen 167
- 22.8 The Language Screen 169
- Chapter 22 Maintenance 170
- CHAPTER 23 171
- I forgot the password 172
- 23.4 Internet Access 174
- 23.7 USB Device Problems 176
- Chapter 23 Troubleshooting 178
- APPENDIX A 179
- APPENDIX B 183
- JavaScript 186
- Java Permissions 188
- JAVA (Sun) 189
- Mozilla Firefox 190
- Allowing Pop-Ups 192
- Enabling Java 192
- APPENDIX C 195
- Subnet Masks 196
- Network Size 197
- Notation 197
- Subnetting 198
- Example: Four Subnets 199
- Example: Eight Subnets 200
- Subnet Planning 201
- Configuring IP Addresses 202
- Private IP Addresses 202
- IP Address Conflicts 203
- APPENDIX D 205
- Windows XP/NT/2000 206
- Verifying Settings 208
- Windows Vista 209
- Windows 7 213
- Mac OS X: 10.3 and 10.4 217
- Mac OS X: 10.5 and 10.6 220
- Linux: Ubuntu 8 (GNOME) 223
- Linux: openSUSE 10.3 (KDE) 227
- APPENDIX E 233
- Fragmentation Threshold 236
- Preamble Type 237
- IEEE 802.11g Wireless LAN 237
- Wireless Security Overview 237
- IEEE 802.1x 238
- Types of RADIUS Messages 239
- Types of EAP Authentication 239
- Encryption 241
- WPA and WPA2 241
- User Authentication 242
- Security Parameters Summary 244
- Antenna Overview 244
- Appendix E Wireless LANs 246
- APPENDIX F 247
- Appendix F Common Services 248
- Appendix F Common Services 249
- APPENDIX G 251
- APPENDIX H 281
- Viewing Certifications 282
- ZyXEL Limited Warranty 282
- Registration 282
- End-User License Agreement 283
- Appendix H Legal Information 286
- NBG5715 User’s Guide292 292
Produits connexes et manuels pour Routeurs ZyXEL Communications NWD-210N - FOR MAC V1.00
(341 pages)© 2020, manymanuals.fr. Tous droits réservés | 3.414 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels