VR-200 16-Port Multi-WAN VPN Router
• 109 •
z
Keying Mode:
If you select Manual, it allows you to generate the key yourself, and
no key negotiation is needed. Basically, manual key management is used in small
static environments or for troubleshooting purposes. Both sides must use the same
Key Management method.
z
Incoming & Outgoing SPI (Security Parameter Index):
SPI is carried in the ESP
(Encapsulating Security Payload Protocol) header and enables the receiver and
sender to select the SA, under which a packet should be processed. The
hexadecimal value is acceptable, and the valid range is 100~ffffffff. Each tunnel
must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same
SPI. The Incoming SPI here must match the Outgoing SPI value at the other end of
the tunnel, and vice versa
z
Encryption:
There are two methods of encryption, DES and 3DES. The Encryption
method determines the length of the key used to encrypt/decrypt ESP packets. DES
is 56-bit encryption and 3DES is 168-bit encryption. 3DES is recommended because
it is more secure, and both sides must use the same Encryption method.
z
Authentication:
There are two methods of authentication, MD5 and SHA. The
Authentication method determines a method to authenticate the ESP packets. MD5
is a one-way hashing algorithm that produces a 128-bit digest. SHA is a one-way
hashing algorithm that produces a 160-bit digest. SHA is recommended because it
is more secure, and both sides must use the same Authentication method.
z
Encryption Key:
This field specifies a key used to encrypt and decrypt IP traffic,
and the Encryption Key is generated yourself. The hexadecimal value is acceptable
in this field. Both sides must use the same Encryption Key. If DES is selected, the