ZyXEL Communications Internet Security Appliance ZyWALL5UTM 4.0 User Manual page 323

ZyWALL 5/35/70 Series User's Guide
Table 102 VPN Rules (IKE): Network Policy Edit (continued)
LABEL
Starting IP Address
Ending IP Address/
Subnet Mask
Local Port
Remote Network
Address Type
Starting IP Address
Ending IP Address/
Subnet Mask
Remote Port
IPSec Proposal
Encapsulation Mode
Active Protocol
Encryption Algorithm When DES is used for data communications, both sender and receiver must
323
DESCRIPTION
When the Address Type field is configured to Single Address, enter a (static)
IP address on the LAN behind your ZyWALL. When the Address Type field is
configured to Range Address, enter the beginning (static) IP address, in a
range of computers on the LAN behind your ZyWALL. When the Address Type
field is configured to Subnet Address, this is a (static) IP address on the LAN
behind your ZyWALL.
When the Address Type field is configured to Single Address, this field is N/A.
When the Address Type field is configured to Range Address, enter the end
(static) IP address, in a range of computers on the LAN behind your ZyWALL.
When the Address Type field is configured to Subnet Address, this is a subnet
mask on the LAN behind your ZyWALL.
0 is the default and signifies any port. Type a port number from 0 to 65535 in the
Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS;
23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Remote IP addresses must be static and correspond to the remote IPSec
router's configured local IP addresses.
Two active SAs cannot have the local and remote IP address(es) both the same.
Two active SAs can have the same local or remote IP address, but not both.
You can configure multiple SAs between the same local and remote IP
addresses, as long as only one is active at any time.
Use the drop-down list box to choose Single Address, Range Address, or
Subnet Address. Select Single Address with a single IP address. Select
Range Address for a specific range of IP addresses. Select Subnet Address
to specify IP addresses on a network by their subnet mask.
When the Address Type field is configured to Single Address, enter a (static)
IP address on the network behind the remote IPSec router. When the Addr Type
field is configured to Range Address, enter the beginning (static) IP address, in
a range of computers on the network behind the remote IPSec router. When the
Address Type field is configured to Subnet Address, enter a (static) IP
address on the network behind the remote IPSec router.
When the Address Type field is configured to Single Address, this field is N/A.
When the Address Type field is configured to Range Address, enter the end
(static) IP address, in a range of computers on the network behind the remote
IPSec router. When the Address Type field is configured to Subnet Address,
enter a subnet mask on the network behind the remote IPSec router.
0 is the default and signifies any port. Type a port number from 0 to 65535 in the
Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS;
23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Select Tunnel mode or Transport mode.
Select the security protocols used for an SA.
Both AH and ESP increase processing requirements and communications
latency (delay).
know the same secret key, which can be used to encrypt and decrypt the
message or to generate and verify a message authentication code. The DES
encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES
that uses a 168-bit key. As a result, 3DES is more secure than DES. It also
requires more processing power, resulting in increased latency and decreased
throughput. This implementation of AES uses a 128-bit key. AES is faster than
3DES. Select NULL to set up a tunnel without encryption. When you select
NULL, you do not enter an encryption key.
Chapter 19 VPN Screens