ZyXEL Communications ZyWall 10W User Manual page 237

LABEL
Ending IP
Address/Subnet
Mask
DNS Server (for
IPSec VPN)
My IP Address
Secure Gateway
Addr
SPI
Encapsulation
Mode
ESP
AH
Encryption
Algorithm
VPN Screens
Table 15-9 VPN Manual Key
When the Address Type field is configured to Single Address, this field is N/A.
When the Address Type field is configured to Range Address, enter the end (static)
IP address, in a range of computers on the network behind the remote IPSec router.
When the Address Type field is configured to Subnet Address, enter a subnet
mask on the network behind the remote IPSec router.
If there is a private DNS server that services the VPN, type its IP address here. The
ZyWALL assigns this additional DNS server to the ZyWALL's DHCP clients that have
IP addresses in this IPSec rule's range of local addresses.
A DNS server allows clients on the VPN to find other computers and servers on the
VPN by their (private) domain names.
Enter the WAN IP address of your ZyWALL. The ZyWALL uses its current WAN IP
address (static or dynamic) in setting up the VPN tunnel if you leave this field as
0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes.
Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with
which you're making the VPN connection.
Type a number (base 10) from 1 to 999999 for the Security Parameter Index.
Select Tunnel mode or Transport mode from the drop-down list box.
Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP
protocol (RFC 2406) provides encryption as well as some of the services offered by
AH. If you select ESP here, you must select options from the Encryption Algorithm
and Authentication Algorithm fields.
Select AH if you want to use AH (Authentication Header Protocol). The AH protocol
(RFC 2402) was designed for integrity, authentication, sequence integrity (replay
resistance), and non-repudiation but not for confidentiality, for which the ESP was
designed. If you select AH here, you must select options from the Authentication
Algorithm field.
Select DES, 3DES or NULL from the drop-down list box.
When you use DES or 3DES, both sender and receiver must know the Encryption
Key, which can be used to encrypt and decrypt the messages. The DES encryption
algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a
168-bit key. As a result, 3DES is more secure than DES. It also requires more
processing power, resulting in increased latency and decreased throughput. Select
NULL to set up a tunnel without encryption. When you select NULL, you do not enter
an encryption key.
ZyWALL Series Internet Security Gateway
DESCRIPTION
15-27