Vpn Advanced Wizard - Phase 2 - ZyXEL Communications ZYWALL USG 20 Manual

Unified security gateway
Hide thumbs Also See for ZYWALL USG 20:
Table of Contents

Advertisement

that uses a 168-bit key. As a result, 3DES is more secure than DES. It also
requires more processing power, resulting in increased latency and decreased
throughput. AES128 uses a 128-bit key and is faster than 3DES. AES192 uses a
192-bit key and AES256 uses a 256-bit key.
• Authentication Algorithm: MD5 gives minimal security. SHA-1 gives higher
security. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash
algorithms used to authenticate packet data. The SHA1 algorithm is generally
considered stronger than MD5, but is slower.
• Key Group: DH5 is more secure than DH1 or DH2 (although it may affect
throughput). DH1 (default) refers to Diffie-Hellman Group 1 a 768 bit random
number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number.
DH5 refers to Diffie-Hellman Group 5 a 1536 bit random number.
• SA Life Time: Set how often the ZyWALL renegotiates the IKE SA. A short SA
life time increases security, but renegotiation temporarily disconnects the VPN
tunnel.
• NAT Traversal: Select this if the VPN tunnel must pass through NAT (there is a
NAT router between the IPSec devices).
Note: The remote IPSec device must also have NAT traversal enabled. See
NAT, and NAT Traversal on page 419
• Dead Peer Detection (DPD) has the ZyWALL make sure the remote IPSec
device is there before transmitting data through the IKE SA. If there has been
no traffic for at least 15 seconds, the ZyWALL sends a message to the remote
IPSec device. If it responds, the ZyWALL transmits the data. If it does not
respond, the ZyWALL shuts down the IKE SA.
• Authentication Method: Select Pre-Shared Key to use a password or
Certificate to use one of the ZyWALL's certificates.

5.5.6 VPN Advanced Wizard - Phase 2

Phase 2 in an IKE uses the SA that was established in phase 1 to negotiate SAs for
IPSec.
Figure 46 VPN Advanced Wizard: Step 4
ZyWALL USG 20/20W User's Guide
Chapter 5 Quick Setup
for more information.
VPN,
83

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Zywall usg 20wZywall usg 2000

Table of Contents