Figure 465 Managing The Bandwidth Of An Ipsec Sa; Figure 466 Managing The Bandwidth Of An Ike Sa - ZyXEL Communications ZYWALL 2 PLUS User Manual

Appendix G Command Interpreter

Figure 465 Managing the Bandwidth of an IPSec SA

Use with this command to set the ZyWALL to use the outer source and destination IP
on
addresses of VPN packets in managing the bandwidth of the VPN traffic. These are the IP
addresses of the ZyWALL and the remote IPSec router. The following figure shows an
example of this. The ZyWALL uses the IP addresses of the ZyWALL (X in the figure) and
remote IPSec router (Y) to manage the bandwidth of the VPN traffic for the IKE SA.

Figure 466 Managing the Bandwidth of an IKE SA

How you configure this command affects how you can implement bandwidth management as
follows.
• Leave this command set to
individual phase 2 IPSec SAs that are connecting through the same remote IPSec router.
With this setting you can also specify the type of traffic either using the service list (like
SIP or FTP) or by specifying port numbers.
• Use
bm vpnTraffic
includes all of the phase 2 IPSec SAs that are connecting through the same remote IPSec
router. With this setting the bandwidth management applies to ESP or AH packets so you
can only specify IP addresses. You cannot specify a service or port numbers.
Setting the Key Length for Phase 2 IPSec AES Encryption
Syntax:
644
off
to be able to create a single bandwidth management group that
ipsec ipsecConfig encryKeyLen <0:128 | 1:192 | 2:256>
to be able to create bandwidth management groups for
ZyWALL 2 Plus User's Guide