ZyXEL Communications ZYWALL 35 User Manual page 384

Chapter 18 IPSec VPN
Table 107 SECURITY > VPN > VPN Rules (Manual) > Edit (continued)
LABEL
My ZyWALL
Primary Remote
Gateway
Manual Proposal
SPI
Encapsulation
Mode
Active Protocol
Encryption
Algorithm
Authentication
Algorithm
Encryption Key
Authentication
Key
Apply
Cancel
384
DESCRIPTION
When the ZyWALL is in router mode, enter the WAN IP address of your ZyWALL
or leave the field set to 0.0.0.0.
The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the
VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the
ZyWALL uses the dial backup IP address for the VPN tunnel when using dial
backup or the LAN IP address when using traffic redirect.
The VPN tunnel has to be rebuilt if this IP address changes.
When the ZyWALL is in bridge mode, this field is read-only and displays the
ZyWALL's IP address.
Type the WAN IP address of the IPSec router with which you're making the VPN
connection.
Type a unique SPI (Security Parameter Index) from one to four characters long.
Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Select Tunnel mode or Transport mode from the drop-down list box.
Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP
protocol (RFC 2406) provides encryption as well as some of the services offered
by AH. If you select ESP here, you must select options from the Encryption
Algorithm and Authentication Algorithm fields (described next).
Select AH if you want to use AH (Authentication Header Protocol). The AH
protocol (RFC 2402) was designed for integrity, authentication, sequence integrity
(replay resistance), and non-repudiation but not for confidentiality, for which the
ESP was designed. If you select AH here, you must select options from the
Authentication Algorithm field (described next).
Select DES, 3DES or NULL from the drop-down list box.
When DES is used for data communications, both sender and receiver must know
the Encryption Key, which can be used to encrypt and decrypt the message or to
generate and verify a message authentication code. The DES encryption
algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a
168-bit key. As a result, 3DES is more secure than DES. It also requires more
processing power, resulting in increased latency and decreased throughput.
Select NULL to set up a tunnel without encryption. When you select NULL, you do
not enter an encryption key.
Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and
SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet
data. The SHA1 algorithm is generally considered stronger than MD5, but is
slower. Select MD5 for minimal security and SHA-1 for maximum security.
This field is applicable when you select ESP in the Active Protocol field above.
With DES, type a unique key 8 characters long. With 3DES, type a unique key 24
characters long. Any characters may be used, including spaces, but trailing
spaces are truncated.
Type a unique authentication key to be used by IPSec if applicable. Enter 16
characters for MD5 authentication or 20 characters for SHA-1 authentication. Any
characters may be used, including spaces, but trailing spaces are truncated.
Click Apply to save your changes back to the ZyWALL.
Click Cancel to exit this screen without saving.
ZyWALL 5/35/70 Series User's Guide