ZyXEL Communications ZyWall ATP series User Manual page 98

• Aggressive is faster but does not encrypt the identities.
The ZyWALL/USG and the remote IPSec router must use the same negotiation mode. Multiple SAs
connecting through a secure gateway must have the same negotiation mode.
• Encryption Algorithm: This displays the encryption method used. The longer the key, the higher the
security, the lower the throughput (possibly).
• DES uses a 56-bit key.
• 3DES uses a 168-bit key.
• AES128 uses a 128-bit key
• AES192 uses a 192-bit key
• AES256 uses a 256-bit key.
• Authentication Algorithm: This displays the authentication algorithm used. The stronger the algorithm,
the slower it is.
• MD5 gives minimal security.
• SHA1 gives higher security
• SHA256 gives the highest security.
• Key Group: This displays the Diffie-Hellman (DH) key group used. DH5 is more secure than DH1 or DH2
(although it may affect throughput).
• DH1 uses a 768 bit random number.
• DH2 uses a 1024 bit (1Kb) random number.
• DH5 uses a 1536 bit random number.
Phase 2
• Active Protocol: This displays ESP (compatible with NAT) or AH.
• Encapsulation: This displays Tunnel (compatible with NAT) or Transport.
• Encryption Algorithm: This displays the encryption method used. The longer the key, the higher the
security, the lower the throughput (possibly).
• DES uses a 56-bit key.
• 3DES uses a 168-bit key.
• AES128 uses a 128-bit key
• AES192 uses a 192-bit key
• AES256 uses a 256-bit key.
• Null uses no encryption.
• Authentication Algorithm: This displays the authentication algorithm used. The stronger the algorithm,
the slower it is.
• MD5 gives minimal security.
• SHA1 gives higher security
• SHA256 gives the highest security.
The Configuration for Secure Gateway displays the configuration that the Zyxel Device IPSec VPN Client
will get from the Zyxel Device.
Click Save to save the VPN rule.
Chapter 4 Quick Setup Wizards
ZyWALL ATP Series User's Guide
98