ZyXEL Communications ZYWALL 5 Quick Start Manual page 17

Key Group
Choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1 a 768 bit random
number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number.
SA Life Time (Seconds)
Define the length of time before an IKE SA automatically renegotiates in this field. The minimum value is 180
seconds.
Pre-Shared Key
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You
must precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range
for the key.
Click Next to continue.
4. Use the forth wizard screen to configure IPSec settings and click Next to continue.
5.
This read-only screen shows a summary of the VPN rule's settings. Check whether what you
have configured is correct.
ZyWALL 5 Internet Security Appliance
16
Choose Tunnel mode or Transport
mode.
Choose which protocol to use (ESP
or AH) for the IKE key exchange.
Choose an encryption algorithm or
select NULL to set up a tunnel
without encryption.
Choose an authentication algorithm.
Set the IPSec SA lifetime. This field
allows you to determine how long
the IPSec SA should stay up before
it times out.
Choose whether to enable Perfect
Forward Secrecy (PFS) using Diffie-
Hellman public-key cryptography.
Select None (the default) to disable
PFS. DH1 refers to Diffie-Hellman
Group 1 a 768 bit random number.
DH2 refers to Diffie-Hellman Group
2 a 1024 bit (1Kb) random number
(more secure, yet slower).