ZyXEL Communications ZyWALL USG 200 Series User Manual page 479

Unified security gateway

Table 127 Configuration > VPN > IPSec VPN > VPN Connection > Edit (continued)
LABEL: DESCRIPTION

Policy

Local Policy: Select the address corresponding to the local network. Use Create new Object if you need to configure a new one.

Remote Policy: Select the address corresponding to the remote network. Use Create new Object if you need to configure a new one.

Policy Enforcement: Clear this to allow traffic with source and destination IP addresses that do not match the local and remote policy to use the VPN tunnel. Leave this cleared for free access between the local and remote networks.
Note: Clear this to use the IPSec SA in a VPN concentrator.
Selecting this restricts who can use the VPN tunnel. The ZyWALL drops traffic with source and destination IP addresses that do not match the local and remote policy.

Phase 2 Settings

SA Life Time: Type the maximum number of seconds the IPSec SA can last. Shorter life times provide better security. The ZyWALL automatically negotiates a new IPSec SA before the current one expires, if there are users who are accessing remote resources.

Active Protocol: Select which protocol you want to use in the IPSec SA. Choices are:
AH (RFC 2402) - provides integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not encryption. If you select AH, you must select an Authentication algorithm.
ESP (RFC 2406) - provides encryption and the same services offered by AH, but its authentication is weaker. If you select ESP, you must select an Encryption algorithm and Authentication algorithm.
Both AH and ESP increase processing requirements and latency (delay).
The ZyWALL and remote IPSec router must use the same active protocol.

Encapsulation: Select which type of encapsulation the IPSec SA uses. Choices are:
Tunnel - this mode encrypts the IP header information and the data.
Transport - this mode only encrypts the data.
The ZyWALL and remote IPSec router must use the same encapsulation.

Proposal

Add: Click this to create a new entry.

Edit: Select an entry and click this to be able to modify it.

Remove: Select an entry and click this to delete it.

#: This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly.

ZyWALL USG 100/200 Series User's Guide
Chapter 25 IPSec VPN
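
The following Python sketch is an added example, not part of the ZyXEL manual or the ZyWALL firmware. It models the Policy Enforcement check for a single packet and lists the Phase 2 conditions from the table that two peers fail to meet. The function names, the dictionary layout, the sample addresses and algorithm names, and the choice to accept a match in either traffic direction are all assumptions made for illustration.

```python
import ipaddress

def tunnel_permits(src, dst, local_policy, remote_policy, enforce):
    """Model the Policy Enforcement check box for one packet.

    Cleared (enforce=False): any source/destination may use the tunnel.
    Selected (enforce=True): traffic is dropped unless its addresses match
    the local and remote policy. Assumption: either direction may match.
    """
    if not enforce:
        return True
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    local = ipaddress.ip_network(local_policy)
    remote = ipaddress.ip_network(remote_policy)
    return (s in local and d in remote) or (s in remote and d in local)


def phase2_problems(local, remote):
    """List reasons two Phase 2 configurations would fail to agree."""
    problems = []
    for side, cfg in (("local", local), ("remote", remote)):
        for n, prop in enumerate(cfg["proposals"], start=1):
            # Both AH and ESP need an authentication algorithm.
            if not prop.get("authentication"):
                problems.append(f"{side} proposal {n}: no authentication algorithm")
            # ESP additionally needs an encryption algorithm.
            if cfg["active_protocol"] == "ESP" and not prop.get("encryption"):
                problems.append(f"{side} proposal {n}: ESP without encryption algorithm")
    # Both ends must use the same active protocol and encapsulation.
    for field in ("active_protocol", "encapsulation"):
        if local[field] != remote[field]:
            problems.append(f"{field} mismatch: {local[field]} vs {remote[field]}")
    return problems


# Constructed sample configurations (dictionary layout is hypothetical).
LOCAL = {"active_protocol": "ESP", "encapsulation": "Tunnel",
         "proposals": [{"encryption": "AES128", "authentication": "SHA1"}]}
REMOTE = {"active_protocol": "ESP", "encapsulation": "Transport",
          "proposals": [{"encryption": "", "authentication": "SHA1"}]}

if __name__ == "__main__":
    for line in phase2_problems(LOCAL, REMOTE):
        print(line)
    # A host outside the local policy is dropped when enforcement is selected.
    print(tunnel_permits("172.16.0.9", "10.0.0.5",
                         "192.168.1.0/24", "10.0.0.0/24", enforce=True))
```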