About Authentication and Encryption Algorithms

To provide data integrity, an IPsec VPN uses authentication algorithms, which use a key to generate a unique message digest for a packet. The remote endpoint checks the digest using the same key and algorithm. If the data has been altered, the integrity check fails.

To provide data privacy, the VPN endpoint encrypts packets with symmetric encryption algorithms. Such algorithms use a key to transform data into a new string. Only an endpoint using the same algorithm and key can extract the original data from the encrypted string.

The Threat Management Services (TMS) zl Module supports these authentication algorithms for both AH and ESP:

  • Message Digest 5 (MD5)

  • Secure Hash Algorithm (SHA-1)

  • Advanced Encryption Standard with Extended Cipher Block Chaining (AES-XCBC)
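The integrity check described above, as an added Python example (not code from the TMS zl Module or its documentation). It assumes the standard IPsec HMAC variants of MD5 and SHA-1, truncated to a 96-bit integrity check value (ICV) computed over the ESP header and payload; the key, SPI and payload are constructed sample values and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumed 96-bit truncation (HMAC-MD5-96 / HMAC-SHA-1-96)
ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def compute_icv(key, algorithm, spi, seq, payload):
    """Keyed digest over the ESP header (SPI, sequence number) and payload."""
    header = struct.pack("!II", spi, seq)
    mac = hmac.new(key, header + payload, ALGORITHMS[algorithm])
    return mac.digest()[:ICV_LEN]


def build_esp(key, algorithm, spi, seq, payload):
    """Sender side: header, payload, then the ICV appended at the end."""
    icv = compute_icv(key, algorithm, spi, seq, payload)
    return struct.pack("!II", spi, seq) + payload + icv


def verify_esp(key, algorithm, packet):
    """Receiver side: return the payload, or None if the check fails."""
    if len(packet) < 8 + ICV_LEN:
        return None  # too short to hold a header and an ICV
    spi, seq = struct.unpack("!II", packet[:8])
    payload, received = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = compute_icv(key, algorithm, spi, seq, payload)
    # Constant-time comparison avoids leaking how many ICV bytes matched.
    return payload if hmac.compare_digest(expected, received) else None


# Constructed sample values, not taken from any real tunnel.
KEY = bytes(range(20))
PAYLOAD = b"constructed ciphertext bytes"
PACKET = build_esp(KEY, "sha1", 0x1000, 1, PAYLOAD)

if __name__ == "__main__":
    altered = PACKET[:8] + bytes([PACKET[8] ^ 0x01]) + PACKET[9:]
    print("intact packet:   ", verify_esp(KEY, "sha1", PACKET))
    print("one bit altered: ", verify_esp(KEY, "sha1", altered))
    print("wrong key:       ", verify_esp(b"\x00" * 20, "sha1", PACKET))
    print("wrong algorithm: ", verify_esp(KEY, "md5", PACKET))
```

Only the intact packet checked with the matching key and algorithm returns the payload; a mismatch in any of the three is indistinguishable to the receiver from tampering.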

The TMS zl Module supports these encryption algorithms for ESP:

  • Data Encryption Standard (DES)

  • Triple DES (3DES)

  • Advanced Encryption Standard (AES) with 16-, 24-, or 32-bit keys