ZyXEL Communications USG40 User Manual page 366

IP Addresses of the ZyWALL/USG and Remote IPSec Router

To set up an IKE SA, you have to specify the IP addresses of the ZyWALL/USG and remote IPSec
router. You can usually enter a static IP address or a domain name for either or both IP addresses.
Sometimes, your ZyWALL/USG might offer another alternative, such as using the IP address of a
port or interface, as well.

You can also specify the IP address of the remote IPSec router as 0.0.0.0. This means that the
remote IPSec router can have any IP address. In this case, only the remote IPSec router can initiate
an IKE SA because the ZyWALL/USG does not know the IP address of the remote IPSec router. This
is often used for telecommuters.

IKE SA Proposal

The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and
Diffie-Hellman (DH) key group that the ZyWALL/USG and remote IPSec router use in the IKE SA. In
main mode, this is done in steps 1 and 2, as illustrated next.

Figure 238 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal

The ZyWALL/USG sends one or more proposals to the remote IPSec router. (In some devices, you
can only set up one proposal.) Each proposal consists of an encryption algorithm, authentication
algorithm, and DH key group that the ZyWALL/USG wants to use in the IKE SA. The remote IPSec
router selects an acceptable proposal and sends the accepted proposal back to the ZyWALL/USG. If
the remote IPSec router rejects all of the proposals, the ZyWALL/USG and remote IPSec router
cannot establish an IKE SA.

Note: Both routers must use the same encryption algorithm, authentication algorithm,
and DH key group.

In most ZyWALL/USGs, you can select one of the following encryption algorithms for each proposal.
The algorithms are listed in order from weakest to strongest.
• Data Encryption Standard (DES) is a widely used method of data encryption. It applies a 56-bit
key to each 64-bit block of data.
• Triple DES (3DES) is a variant of DES. It iterates three times with three separate keys, effectively
tripling the strength of DES.
• Advanced Encryption Standard (AES) is a newer method of data encryption that also uses a
secret key. AES applies a 128-bit key to 128-bit blocks of data. It is faster than 3DES.
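
The proposal exchange described above, modelled as an added example (not code from the manual or from the ZyWALL/USG firmware). The names Proposal, select_proposal and weakest_offered are hypothetical, the authentication and DH values are assumed because this page does not list them, and picking the first offered match is an assumed selection rule.

```python
from typing import NamedTuple, Optional, Sequence

class Proposal(NamedTuple):
    encryption: str      # "DES", "3DES" or "AES" (the algorithms listed above)
    authentication: str  # assumed values such as "MD5"/"SHA1"; not listed on this page
    dh_group: str        # assumed values such as "DH1"/"DH2"/"DH5"

# Encryption algorithms in the manual's order, weakest to strongest.
ENCRYPTION_STRENGTH = {"DES": 0, "3DES": 1, "AES": 2}

def select_proposal(offered: Sequence[Proposal],
                    acceptable: Sequence[Proposal]) -> Optional[Proposal]:
    """Responder side: return the first offered proposal whose three fields
    all match local policy, or None when every proposal is rejected
    (in which case no IKE SA can be established)."""
    allowed = set(acceptable)
    for proposal in offered:
        if proposal in allowed:
            return proposal
    return None

def weakest_offered(offered: Sequence[Proposal]) -> Proposal:
    """Audit helper: the weakest encryption a peer could legitimately select.
    Every proposal in the list is one the initiator has agreed to use."""
    return min(offered, key=lambda p: ENCRYPTION_STRENGTH[p.encryption])

# Constructed sample policies (not taken from any real device).
LOCAL_OFFER = [
    Proposal("AES", "SHA1", "DH5"),
    Proposal("3DES", "SHA1", "DH2"),
    Proposal("DES", "MD5", "DH1"),   # kept for an old peer; sets the floor
]
MODERN_PEER = [Proposal("AES", "SHA1", "DH5")]
LEGACY_PEER = [Proposal("DES", "MD5", "DH1")]
MISMATCHED_PEER = [Proposal("AES", "SHA1", "DH2")]  # same cipher, different DH group

if __name__ == "__main__":
    peers = [("modern", MODERN_PEER), ("legacy", LEGACY_PEER),
             ("mismatched", MISMATCHED_PEER)]
    for name, policy in peers:
        chosen = select_proposal(LOCAL_OFFER, policy)
        print(f"{name:11s} -> {chosen if chosen else 'no IKE SA'}")
    print("weakest proposal on offer:", weakest_offered(LOCAL_OFFER))
```

The mismatched peer fails even though both sides list AES, because all three fields must agree. The audit helper shows that a single DES entry in the list determines the lowest protection the IKE SA can end up with.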
Chapter 19 IPSec VPN
[Figure 238 labels: X, Y; steps 1, 2; "One or more proposals, each one consisting of: encryption algorithm, authentication algorithm, Diffie-Hellman key group"]
ZyWALL/USG Series User's Guide

This manual is also suitable for: Usg40w, Usg210, Usg310, Usg1100, Usg60, Usg1900 ...
