Ipsec Sa Overview; Local And Remote Networks - ZyXEL Communications ZYWALL P1 User Manual

Internet security appliance

Chapter 13 IPSec VPN
Table 60 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Key Group | Select which Diffie-Hellman key group (DHx) you want to use for encryption keys. Choices are: DH1 - use a 768-bit random number; DH2 - use a 1024-bit random number |
| Enable Multiple Proposals | Select this to allow the ZyWALL to use any of its phase 1 key groups and encryption and authentication algorithms when negotiating an IKE SA. When you enable multiple proposals, the ZyWALL allows the remote IPSec router to select which phase 1 key groups and encryption and authentication algorithms to use for the IKE SA, even if they are less secure than the ones you configure for the VPN rule. Clear this to have the ZyWALL use only the configured phase 1 key groups and encryption and authentication algorithms when negotiating an IKE SA. |
| Associated Network Policies | The following table shows the policy(ies) you configure for this rule. To add a VPN policy, click the add network policy icon in the VPN Rules (IKE) screen (see Figure 129 on page 204). Refer to Section 13.7 on page 223 for more information. |
| # | This field displays the policy index number. |
| Name | This field displays the policy name. |
| Local Network | This field displays one or a range of IP address(es) of the computer(s) behind the ZyWALL. |
| Remote Network | This field displays one or a range of IP address(es) of the remote network behind the remote IPSec router. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Cancel | Click Cancel to exit this screen without saving. |

13.6 IPSec SA Overview

Once the ZyWALL and remote IPSec router have established the IKE SA, they can securely negotiate an IPSec SA through which to send data between computers on the networks.

The IPSec SA stays connected even if the underlying IKE SA is not available anymore.

This section introduces the key components of an IPSec SA.

13.6.1 Local and Remote Networks

In an IPSec SA, the local network consists of devices connected to the ZyWALL and may be called the local policy. Similarly, the remote network consists of the devices connected to the remote IPSec router and may be called the remote policy.

218
ZyWALL P1 User's Guide
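
An added example, not taken from the ZyWALL manual or firmware: a simplified model of the Enable Multiple Proposals setting from Table 60, showing how the negotiated phase 1 proposal can end up weaker than the one configured for the VPN rule. The encryption and authentication names, the rank table and the sample proposals are assumptions constructed for illustration; only DH1 and DH2 come from this page.

```python
from itertools import product

# Simplified model, not the ZyWALL's implementation. DH1/DH2 come from Table 60;
# the encryption and authentication names are assumed sample values.
RANK = {
    "enc": {"DES": 0, "3DES": 1, "AES": 2},
    "auth": {"MD5": 0, "SHA1": 1},
    "dh": {"DH1": 0, "DH2": 1},  # 768-bit, 1024-bit
}
FIELDS = ("enc", "auth", "dh")


def offered_proposals(configured, multiple_proposals):
    """Proposals the local gateway will accept for the IKE SA."""
    if not multiple_proposals:
        return [configured]
    # Multiple proposals enabled: every phase 1 combination is acceptable.
    return [dict(zip(FIELDS, combo))
            for combo in product(*(RANK[f] for f in FIELDS))]


def negotiate(configured, multiple_proposals, remote_preference):
    """Return the first remote-preferred proposal the local side accepts."""
    offered = offered_proposals(configured, multiple_proposals)
    for wanted in remote_preference:
        if wanted in offered:
            return wanted
    return None  # no common proposal: the IKE SA is not established


def downgraded_fields(configured, negotiated):
    """Fields where the negotiated value is weaker than the configured one."""
    return [f for f in FIELDS
            if RANK[f][negotiated[f]] < RANK[f][configured[f]]]


# Constructed sample: the rule asks for AES/SHA1/DH2, the remote prefers weaker.
CONFIGURED = {"enc": "AES", "auth": "SHA1", "dh": "DH2"}
REMOTE_PREFERENCE = [
    {"enc": "DES", "auth": "MD5", "dh": "DH1"},
    {"enc": "AES", "auth": "SHA1", "dh": "DH2"},
]

if __name__ == "__main__":
    for flag in (True, False):
        result = negotiate(CONFIGURED, flag, REMOTE_PREFERENCE)
        print(flag, result, downgraded_fields(CONFIGURED, result))
```

With the setting enabled, the model lets the remote side's first preference win and reports all three fields as downgraded; with it cleared, only the configured proposal can be agreed.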
