Ike Phases; Figure 18 Two Phases To Set Up The Ipsec Sa - ZyXEL Communications ZyWall P1 User Manual

ZyWALL P1 User's Guide
Table 13 VPN Wizard: Network Setting (continued)
LABEL
Starting IP
Address
Ending IP
Address/
Subnet Mask
Back
Next

3.3.7 IKE Phases

There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1
(Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and
the second one uses that SA to negotiate SAs for IPSec.

Figure 18 Two Phases to Set Up the IPSec SA

In phase 1 you must:
• Choose a negotiation mode.
• Authenticate the connection by entering a pre-shared key.
• Choose an encryption algorithm.
• Choose an authentication algorithm.
• Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2).
• Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should
stay up before it times out. An IKE SA times out when the IKE SA lifetime period
expires. If an IKE SA times out when an IPSec SA is already established, the IPSec SA
stays connected.
62
DESCRIPTION
When the Remote Network field is configured to Single, enter a (static) IP address
on the network behind the remote IPSec router. When the Remote Network field is
configured to Range IP, enter the beginning (static) IP address, in a range of
computers on the network behind the remote IPSec router. When the Remote
Network field is configured to Subnet, enter a (static) IP address on the network
behind the remote IPSec router
When the Remote Network field is configured to Single, this field is not applicable.
When the Remote Network field is configured to Range IP, enter the end (static) IP
address, in a range of computers on the network behind the remote IPSec router.
When the Remote Network field is configured to Subnet, enter a subnet mask on the
network behind the remote IPSec router.
Click Back to return to the previous screen.
Click Next to continue.
Chapter 3 Wizard Setup