ZyXEL Communications Vantage CNM 2.3 User Manual page 339

Centralized network management

Table 133 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued)

LABEL: DESCRIPTION

Key Group: Select which Diffie-Hellman key group (DHx) you want to use for encryption keys. Choices are:
DH1 - use a 768-bit random number
DH2 - use a 1024-bit random number
DH5 - use a 1536-bit random number
The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group.

SA Life Time (Seconds): Type the maximum number of seconds the IKE SA can last. When this time has passed, the ZyWALL and remote IPSec router have to update the encryption and authentication keys and re-negotiate the IKE SA. This does not affect any existing IPSec SAs, however.

NAT Traversal: Select this if any of these conditions are satisfied.
- This IKE SA might be used to negotiate IPSec SAs that use active protocol AH.
- There are one or more NAT routers between the ZyWALL and remote IPSec router, and these routers do not support IPSec pass-thru or a similar feature.
The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward packets with UDP port 500 and UDP 4500 headers unchanged.

Dead Peer Detection (DPD): Select this check box if you want the ZyWALL to make sure the remote IPSec router is there before it transmits data through the IKE SA. The remote IPSec router must support DPD. If there has been no traffic for at least 15 seconds, the ZyWALL sends a message to the remote IPSec router. If the remote IPSec router responds, the ZyWALL transmits the data. If the remote IPSec router does not respond, the ZyWALL shuts down the IKE SA.
If the remote IPSec router does not support DPD, see if you can use the VPN connection connectivity check (see Section 11.1.1 on page 325).

Property

My Address: Select how the IP address of the ZyWALL in the IKE SA is defined.
If you select Interface, select the Ethernet interface, VLAN interface, virtual Ethernet interface, virtual VLAN interface, PPPoE/PPTP interface, or auxiliary interface. The IP address of the ZyWALL in the IKE SA is the IP address of the interface.
If you select Domain Name, enter the domain name or the IP address of the ZyWALL. The IP address of the ZyWALL in the IKE SA is the specified IP address or the IP address corresponding to the domain name. 0.0.0.0 is invalid.

Chapter 11 IPSec VPN
Vantage CNM User's Guide
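The constraints in the table above (matching key groups, NAT traversal enabled on both routers, DPD support on the remote router, and 0.0.0.0 being invalid for My Address) can be checked for a pair of routers before deployment. The following Python sketch is an added example, not part of the ZyXEL manual or software; the GatewayCfg record, its field names, the check_pair function, the sample settings and the min_bits policy threshold are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Key groups and sizes as listed in the table above.
DH_BITS = {"DH1": 768, "DH2": 1024, "DH5": 1536}

@dataclass
class GatewayCfg:
    """Hypothetical record of one router's VPN Gateway fields (not a ZyXEL format)."""
    key_group: str
    nat_traversal: bool
    dpd_enabled: bool
    supports_dpd: bool
    my_address: str  # IP address or domain name

def check_pair(local, remote, nat_on_path, min_bits=1536):
    """Return findings for a router pair; min_bits is an assumed local policy."""
    findings = []
    for side, cfg, peer in (("local", local, remote), ("remote", remote, local)):
        bits = DH_BITS.get(cfg.key_group)
        if bits is None:
            findings.append(f"{side}: unknown key group {cfg.key_group!r}")
        elif bits < min_bits:
            findings.append(f"{side}: {cfg.key_group} is {bits}-bit, "
                            f"below policy minimum {min_bits}")
        try:
            if ipaddress.ip_address(cfg.my_address).is_unspecified:
                findings.append(f"{side}: My Address {cfg.my_address} is invalid")
        except ValueError:
            pass  # not an IP literal, so it is treated as a domain name
        if cfg.dpd_enabled and not peer.supports_dpd:
            findings.append(f"{side}: DPD enabled but peer lacks DPD support; "
                            "use the VPN connection connectivity check instead")
    if local.key_group != remote.key_group:
        findings.append("key group mismatch: both routers must use the same group")
    if nat_on_path and not (local.nat_traversal and remote.nat_traversal):
        findings.append("NAT on path: enable NAT traversal on both routers and "
                        "forward UDP 500 and UDP 4500 unchanged")
    return findings

# Constructed sample settings for illustration only.
SITE_A = GatewayCfg("DH2", True, True, True, "0.0.0.0")
SITE_B = GatewayCfg("DH5", False, False, False, "vpn.example.com")

if __name__ == "__main__":
    for finding in check_pair(SITE_A, SITE_B, nat_on_path=True):
        print("FINDING:", finding)
```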
