SonicWALL Internet Security Appliance Guide Page 153

• Internet Key Exchange (IKE)
IKE is a negotiation and key exchange protocol specified by the Internet Engineering Task Force (IETF). An IKE SA automatically negotiates Encryption and Authentication Keys. With IKE, an initial exchange authenticates the VPN session and automatically negotiates keys that will be used to pass IP traffic. The initial exchange occurs on UDP port 500, so when an IKE SA is created, the SonicWALL will automatically open up port 500 to allow the IKE key exchange.

• Manual Keying
Manual keying allows you to specify the Encryption and Authentication keys. SonicWALL VPN supports Manual Key VPN Security Associations.

• Shared Secret
A Shared Secret is a predefined field that the two endpoints of a VPN tunnel use to set up an IKE SA. This field can be any combination of alphanumeric characters with a minimum length of 4 characters and a maximum of 128 characters. Precautions should be taken when delivering/exchanging this shared secret to assure that a third party cannot compromise the security of a VPN tunnel.

• Encapsulating Security Payload (ESP)
ESP provides confidentiality and integrity of data by encrypting the data and encapsulating it into IP packets. Encryption may be in the form of ARCFour (similar to the popular RC4 encryption method), DES, etc.

The use of ESP increases the processing requirements in SonicWALL VPN and also increases the communications latency. The increased latency is due to the encryption and decryption required for each IP packet containing an Encapsulating Security Payload.

ESP typically involves encryption of the packet payload using standard encryption mechanisms, such as RC4, ARCFour, DES, or 3DES. The SonicWALL supports 56 bit ARCFour and 56 bit DES and 168 bit 3DES.

• Authentication Header (AH)
The Authentication Header provides strong integrity and authentication by adding authentication information to IP packets. This authentication information is calculated using header and payload data in the IP packet which provides an additional level of security.

Using AH increases the processing requirements of VPN and will also increase the communications latency. The increased latency is primarily due to the calculation of the authentication data by the sender, and the calculation and comparison of the authentication data by the receiver for each IP packet containing an Authentication Header.
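
The sender and receiver calculation described for AH above, as a simplified model in Python; this is an added example, not SonicWALL code. It assumes HMAC-SHA1-96 as the authentication algorithm, models only a 20-byte IPv4 header plus payload (the AH header itself is left out), and uses a constructed key, payload and documentation-range addresses.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 12  # HMAC-SHA1-96 keeps the first 96 bits of the digest (assumed algorithm)


def ipv4_header(src, dst, payload_len, ttl=64, proto=51):
    """Build a 20-byte IPv4 header without options; protocol 51 is AH."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(header):
    """Zero the fields routers may change in transit so they do not break the check."""
    h = bytearray(header)
    h[1] = h[8] = 0                  # TOS, TTL
    h[6:8] = h[10:12] = b"\x00\x00"  # flags/fragment offset, header checksum
    return bytes(h)


def compute_icv(key, header, payload):
    """Sender: authentication data over the immutable header fields and the payload."""
    return hmac.new(key, zero_mutable(header) + payload, hashlib.sha1).digest()[:ICV_LEN]


def verify_icv(key, header, payload, icv):
    """Receiver: recompute the authentication data and compare in constant time."""
    return hmac.compare_digest(compute_icv(key, header, payload), icv)


def demo():
    key = b"constructed-demo-key"          # constructed sample key
    payload = b"constructed sample payload"  # constructed sample data
    hdr = ipv4_header("192.0.2.10", "198.51.100.20", len(payload))
    icv = compute_icv(key, hdr, payload)
    hop = ipv4_header("192.0.2.10", "198.51.100.20", len(payload), ttl=61)
    rewritten = ipv4_header("192.0.2.99", "198.51.100.20", len(payload))
    return {
        "intact": verify_icv(key, hdr, payload, icv),
        "ttl_decremented": verify_icv(key, hop, payload, icv),
        "payload_modified": verify_icv(key, hdr, payload + b"!", icv),
        "source_rewritten": verify_icv(key, rewritten, payload, icv),
    }


if __name__ == "__main__":
    print(demo())
```

Because the source address is covered by the calculation, a packet whose address is rewritten between the two endpoints fails verification just as a modified payload does.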