ZyXEL Communications ZyXEL ZyWALL 2WE User Manual page 317

Zyxel internet security gateway user's guide

ZyWALL 2 and ZyWALL 2WE
VPN/IPSec Setup

Table 27-9 Manual IKE VPN Rule Setup

| LABEL | DESCRIPTION |
|---|---|
| My IP Address | Enter the WAN IP address of your ZyWALL. The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes. |
| Secure Gateway IP Address | Type the WAN IP address or the URL (up to 31 characters) of the remote secure gateway with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote secure gateway has a dynamic WAN IP address (the Key Management field must be set to IKE). |
| SPI | Type a unique SPI from one to four characters long. Valid characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9". |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the drop-down list box. The ZyWALL's encapsulation mode should be identical to that of the secure remote gateway. |
| Enable Replay Detection | As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Enable replay detection by setting this field to Yes. |
| IPSec Protocol | Select ESP or AH from the drop-down list box. The ZyWALL's IPSec Protocol should be identical to that of the secure remote gateway. The ESP (Encapsulating Security Payload) protocol (RFC 2406) provides encryption as well as the authentication offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below). The AH protocol (Authentication Header Protocol) (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which ESP was designed. If you select AH here, you must select an option from the Authentication Algorithm field. |
| Encryption Algorithm | Select DES or 3DES from the drop-down list box. The ZyWALL's encryption algorithm should be identical to that of the secure remote gateway. When DES is used for data communications, both sender and receiver must know the same secret key, which is used to both encrypt and decrypt the message. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. |
| Encryption Key (only with ESP) | With DES, type a unique key 8 characters long. With 3DES, type a unique key 24 characters long. Any characters may be used, including spaces, but trailing spaces are truncated. |
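
The SPI and Encryption Key entry rules from the table above, written as a pre-deployment check (an added example, not taken from the ZyXEL manual). It assumes each typed character becomes one ASCII key byte, which the manual does not state; the function names and the sample keys in the tests are constructed for illustration.

```python
import math

KEY_LEN = {"DES": 8, "3DES": 24}  # key length in characters, per the table

def check_manual_rule(spi: str, algorithm: str, key: str) -> list[str]:
    """Return the problems found in a manual-key rule (empty list = OK)."""
    problems = []
    # SPI: one to four characters, digits 0-9 only.
    if not (1 <= len(spi) <= 4 and all(c in "0123456789" for c in spi)):
        problems.append("SPI must be 1-4 digits")
    if algorithm not in KEY_LEN:
        return problems + ["algorithm must be DES or 3DES"]
    key = key.rstrip(" ")  # trailing spaces are truncated on entry
    if len(key) != KEY_LEN[algorithm]:
        problems.append(f"{algorithm} key is {len(key)} characters after "
                        f"trailing-space truncation, need {KEY_LEN[algorithm]}")
        return problems
    # Assumption: one character = one key byte. DES ignores the low (parity)
    # bit of every key byte, so only the upper 7 bits are compared.
    eff = bytes(b & 0xFE for b in key.encode("ascii", "replace"))
    if algorithm == "3DES":
        k1, k2, k3 = eff[:8], eff[8:16], eff[16:]
        if k1 == k2 or k2 == k3:
            problems.append("3DES subkeys repeat: strength collapses to single DES")
        elif k1 == k3:
            problems.append("3DES K1 equals K3: two-key 3DES (112-bit key)")
    return problems

def typed_key_bits(algorithm: str) -> float:
    """Upper bound on key entropy when the key is typed as printable ASCII."""
    # Printable ASCII 0x20-0x7E leaves 48 distinct values once parity is dropped.
    distinct = len({b & 0xFE for b in range(0x20, 0x7F)})
    return KEY_LEN[algorithm] * math.log2(distinct)
```

Under that assumption a typed DES key carries at most about 44.7 bits rather than the nominal 56, and a typed 3DES key about 134 rather than 168.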

This manual is also suitable for:

Zywall 2