ZyXEL Communications ZyWall ATP series User Manual page 87

Phase 1
• Negotiation Mode: This displays Main or Aggressive:
• Main encrypts the ZyWALL/USG's and remote IPSec router's identities but takes more time to
establish the IKE SA
• Aggressive is faster but does not encrypt the identities.
The ZyWALL/USG and the remote IPSec router must use the same negotiation mode. Multiple SAs
connecting through a secure gateway must have the same negotiation mode.
• Encryption Algorithm: This displays the encryption method used. The longer the key, the higher the
security, the lower the throughput (possibly).
• DES uses a 56-bit key.
• 3DES uses a 168-bit key.
• AES128 uses a 128-bit key
• AES192 uses a 192-bit key
• AES256 uses a 256-bit key.
• Authentication Algorithm: This displays the authentication algorithm used. The stronger the algorithm,
the slower it is.
• MD5 gives minimal security.
• SHA1 gives higher security
• SHA256 gives the highest security.
• Key Group: This displays the Diffie-Hellman (DH) key group used. DH5 is more secure than DH1 or DH2
(although it may affect throughput).
• DH1 uses a 768 bit random number.
• DH2 uses a 1024 bit (1Kb) random number.
• DH5 uses a 1536 bit random number.
Phase 2
• Active Protocol: This displays ESP (compatible with NAT) or AH.
• Encapsulation: This displays Tunnel (compatible with NAT) or Transport.
• Encryption Algorithm: This displays the encryption method used. The longer the key, the higher the
security, the lower the throughput (possibly).
• DES uses a 56-bit key.
• 3DES uses a 168-bit key.
• AES128 uses a 128-bit key
• AES192 uses a 192-bit key
• AES256 uses a 256-bit key.
• Null uses no encryption.
• Authentication Algorithm: This displays the authentication algorithm used. The stronger the algorithm,
the slower it is.
• MD5 gives minimal security.
• SHA1 gives higher security
• SHA256 gives the highest security.
Chapter 4 Quick Setup Wizards
ZyWALL ATP Series User's Guide
87