Vpn Rules (Ike): Network Policy Edit - ZyXEL Communications ZyWall 5 Series User Manual

Internet security appliance

ZyWALL 5/35/70 Series User's Guide
If you enable PFS, the ZyWALL and remote IPSec router perform a DH key exchange every
time an IPSec SA is established, changing the root key from which encryption keys are
generated. As a result, if one encryption key is compromised, other encryption keys remain
secure.
If you do not enable PFS, the ZyWALL and remote IPSec router use the same root key that
was generated when the IKE SA was established to generate encryption keys.
The DH key exchange is time-consuming and may be unnecessary for data that does not
require such security.
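The difference between the two settings can be shown with the phase 2 key derivation from RFC 2409 (IKEv1), section 5.5. This is an added example, not code from the ZyWALL or its manual. It assumes the RFC 2409 formula, HMAC-SHA1 as the prf and a toy DH group, and the function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy DH group for illustration only (assumption): 2**127 - 1 is prime but far
# too small for real use; IKE uses the standardized MODP groups.
P, G = 2**127 - 1, 3

def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 standing in for the negotiated prf (assumption)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def keymat(skeyid_d, protocol, spi, ni, nr, dh_shared=b""):
    """RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, dh_shared + bytes([protocol]) + spi + ni + nr)

def negotiate_sa(skeyid_d, pfs):
    """Constructed phase 2 exchange: returns (real KEYMAT, values exchanged over the IKE SA)."""
    spi, ni, nr = (secrets.token_bytes(n) for n in (4, 16, 16))
    seen = {"protocol": 50, "spi": spi, "ni": ni, "nr": nr}  # 50 = ESP
    shared = b""
    if pfs:
        # Fresh private exponents for this SA only; they are never transmitted.
        x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
        seen["gx"], seen["gy"] = pow(G, x, P), pow(G, y, P)  # public values only
        shared = pow(seen["gy"], x, P).to_bytes(16, "big")
    return keymat(skeyid_d, 50, spi, ni, nr, shared), seen

def exposed_by_root_key(skeyid_d, pfs):
    """True if KEYMAT can be rebuilt from SKEYID_d plus the exchanged values alone."""
    real, seen = negotiate_sa(skeyid_d, pfs)
    rebuilt = keymat(skeyid_d, seen["protocol"], seen["spi"], seen["ni"], seen["nr"])
    return hmac.compare_digest(real, rebuilt)

if __name__ == "__main__":
    root = secrets.token_bytes(20)  # constructed SKEYID_d from the IKE SA
    print("without PFS, root key exposes SA keys:", exposed_by_root_key(root, False))
    print("with PFS, root key exposes SA keys:   ", exposed_by_root_key(root, True))
```

Without PFS every IPSec SA key is a function of the IKE SA root key and values carried in the exchange. With PFS each SA also depends on a DH secret that is discarded after use.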

18.7 VPN Rules (IKE): Network Policy Edit

Click SECURITY > VPN and the add network policy icon in the VPN Rules (IKE)
screen to display the VPN-Network Policy -Edit screen. Use this screen to configure a
network policy. A network policy identifies the devices behind the IPSec routers at either end
of a VPN tunnel and specifies the authentication, encryption and other settings needed to
negotiate a phase 2 IPSec SA.

342 Chapter 18 IPSec VPN


This manual is also suitable for:

Zywall 70 series, Zywall 35 series
