ZyXEL Communications Vantage CNM User Manual page 269

Centralized network management

Chapter 18 Building Blocks (BBs)

Table 111 Building Block > Component BB > Add > VPN1.1d_IKE

TYPE: DESCRIPTION

Content:
The configuration of the peer content depends on the peer ID type.

Do the following when you set Authentication Key to Pre-shared Key.
- For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyWALL will use the address in the Remote Gateway Address field (refer to the Remote Gateway Address field description).
- For DNS or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.

It is recommended that you type an IP address other than 0.0.0.0 or use the DNS or E-mail ID type in the following situations:
- When there is a NAT router between the two IPSec routers.
- When you want the ZyWALL to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses.

Do the following when you set Authentication Key to Certificate.
- For IP, type the IP address from the subject alternative name field of the certificate the remote IPSec router will use for this VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyWALL will use the address in the Remote Gateway Address field (refer to the Remote Gateway Address field description).
- For DNS or E-mail, type the domain name or e-mail address from the subject alternative name field of the certificate the remote IPSec router will use for this VPN connection.
- For Subject Name, type the subject name of the certificate the remote IPSec router will use for this VPN connection. Use up to 255 ASCII characters including spaces.
- For Any, the peer Content field is not available.

Regardless of how you configure the ID Type and Content fields, two active SAs cannot have both the local and remote IP address ranges overlap between rules.

IKE Proposal

Negotiation Mode:
Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode.

Encryption Algorithm:
Select DES, 3DES or AES from the drop-down list box.

When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a 128-bit key. AES is faster than 3DES.

Authentication Algorithm:
Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA1 for maximum security.
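
The Content rules and the SA overlap restriction from the table, written as a check to run over planned rules before they are pushed. This is an added example, not ZyXEL or Vantage CNM code; the function names, the CIDR form for address ranges, the sample rules and applying the 31-character limit under both key types are assumptions.

```python
import ipaddress

# Length limits quoted in the table (applied to both key types: assumption).
MAX_LEN = {"DNS": 31, "E-mail": 31, "Subject Name": 255}

# Constructed sample rules: (name, local range, remote range), CIDR form assumed.
RULES = [
    ("branch-a", "192.168.1.0/24", "10.0.1.0/24"),
    ("branch-b", "192.168.1.0/24", "10.0.2.0/24"),    # remote side differs: allowed
    ("branch-c", "192.168.1.128/25", "10.0.1.0/25"),  # both sides overlap branch-a
]


def effective_peer_id(id_type, content, remote_gateway):
    """Return (identity the peer is matched on, warnings) for one rule."""
    content = (content or "").rstrip(" ")  # trailing spaces are truncated
    if id_type == "Any":
        if content:
            raise ValueError("Content is not available when ID Type is Any")
        return None, []
    if id_type == "IP":
        addr = ipaddress.ip_address(content or "0.0.0.0")  # ValueError if malformed
        if addr.is_unspecified:
            # Blank or 0.0.0.0: the Remote Gateway Address is used instead.
            return remote_gateway, ["peer ID falls back to Remote Gateway Address; "
                                    "use an explicit ID behind NAT or with dynamic peers"]
        return str(addr), []
    if id_type not in MAX_LEN:
        raise ValueError(f"unknown ID type: {id_type!r}")
    if not content.isascii() or len(content) > MAX_LEN[id_type]:
        raise ValueError(f"{id_type} content: up to {MAX_LEN[id_type]} ASCII characters")
    return content, []


def overlapping_rules(rules):
    """Return name pairs whose local AND remote ranges both overlap."""
    nets = [(name, ipaddress.ip_network(loc), ipaddress.ip_network(rem))
            for name, loc, rem in rules]
    return [(a[0], b[0]) for i, a in enumerate(nets) for b in nets[i + 1:]
            if a[1].overlaps(b[1]) and a[2].overlaps(b[2])]


if __name__ == "__main__":
    print(effective_peer_id("IP", "", "203.0.113.7"))
    print(effective_peer_id("DNS", "vpn.example.com  ", "203.0.113.7"))
    print(overlapping_rules(RULES))
```
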
Vantage CNM User's Guide