Adding A Component Bb: Vpn1.0 Type - ZyXEL Communications Vantage CNM User Manual

Vantage CNM User's Guide
Table 111 Building Block > Component BB > Add > VPN1.1d_IKE
TYPE
SA Life Time (Seconds)
Key Group
Enable Multiple Proposals
Apply
Reset

18.5.1.5 Adding a Component BB: VPN1.0 Type

If you select VPN1.0 in the Type field in the BB Info screen and select Next, you will to the
next screen, where you must enter VPN information.
269
DESCRIPTION
Define the length of time before an IKE SA automatically renegotiates in
this field. It may range from 180 to 3,000,000 seconds (almost 35 days).
A short SA Life Time increases security by forcing the two VPN gateways
to update the encryption and authentication keys. However, every time the
VPN tunnel renegotiates, all users accessing remote resources are
temporarily disconnected.
You must choose a key group for phase 1 IKE setup. DH1 (default) refers
to Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-
Hellman Group 2 a 1024 bit (1Kb) random number.
Select this check box to allow the ZyWALL to use any of its phase 1 or
phase 2 encryption and authentication algorithms when negotiating an
IPSec SA.
When you enable multiple proposals, the ZyWALL allows the remote
IPSec router to select which encryption and authentication algorithms to
use for the VPN tunnel, even if they are less secure than the ones you
configure for the VPN rule.
Clear this check box to have the ZyWALL use only the phase 1 or phase 2
encryption and authentication algorithms configured below when
negotiating an IPSec SA.
Click Apply to create the BB. This BB is then displayed in the component
BB summary screen.
Click Reset to begin configuring the screen afresh.
Chapter 18 Building Blocks (BBs)