Manual Setup; Table 39-4 Active Protocol: Encapsulation And Security Protocol - ZyXEL Communications ZyWall 10 User Manual

ZyWALL 10~100 Series Internet Security Gateway
FIELD
Perfect Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2
Forward IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press
Secrecy (PFS) [SPACE BAR] and choose from DH1 or DH2 to enable PFS. DH1 refers to
Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman
Group 2 a 1024 bit (1Kb) random number (more secure, yet slower).
When you have completed this menu, press [ENTER] at the prompt "Press ENTER to Confirm..." to save
your configuration, or press [ESC] at any time to cancel.

39.5 Manual Setup

You only configure Menu 27.1.1.2 – Manual Setup when you select Manual in the Key Management field
in Menu 27.1.1 – IPSec Setup. Manual key management is useful if you have problems with IKE key
management.
39.5.1 Active Protocol
This field is a combination of mode and security protocols used for the VPN. See the Web Configurator
User's Guide for more information on these parameters.

Table 39-4 Active Protocol: Encapsulation and Security Protocol

Tunnel
Transport
39.5.2 Security Parameter Index (SPI)
To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 – IPSec Setup press
[SPACE BAR] to select Yes and then press [ENTER] to go to Menu 27.1.1.2 – Manual Setup.
39-14
Table 39-3
Menu 27.1.1.1: IKE Setup
MODE
DESCRIPTION
SECURITY PROTOCOL
ESP
AH
EXAMPLE
None
VPN/IPSec Setup