ZyXEL Communications ZyXEL ZyWALL 50 User Manual page 17

ZyWALL 50 Internet Security Gateway
21.1 Introduction...........................................................................................................................21-1
Chapter 22 Introduction to IPSec .........................................................................................................22-1
22.1 Introduction...........................................................................................................................22-1
22.1.1 VPN ..................................................................................................................................22-1
22.1.2 IPSec .................................................................................................................................22-1
22.1.3 Security Association .........................................................................................................22-1
22.1.4 Other Terminology ...........................................................................................................22-1
22.1.5 VPN Applications .............................................................................................................22-2
22.2 IPSec Architecture ................................................................................................................22-3
22.2.1 IPSec Algorithms ..............................................................................................................22-4
22.2.2 Key Management ..............................................................................................................22-4
22.3 Encapsulation........................................................................................................................22-5
22.3.1 Transport Mode.................................................................................................................22-5
22.3.2 Tunnel Mode.....................................................................................................................22-5
22.4 IPSec and NAT .....................................................................................................................22-5
Chapter 23 VPN/IPSec Setup ................................................................................................................23-1
23.1 VPN/IPSec Setup..................................................................................................................23-1
23.2 IPSec Algorithms..................................................................................................................23-2
23.2.1 AH (Authentication Header) Protocol ..............................................................................23-2
23.2.2 ESP (Encapsulating Security Payload) Protocol...............................................................23-2
23.3 IPSec Summary.....................................................................................................................23-3
23.3.1 IPSec Setup .......................................................................................................................23-7
23.4 IKE Setup............................................................................................................................23-10
23.4.1 IKE Phases......................................................................................................................23-10
23.4.2 Negotiation Mode ...........................................................................................................23-11
23.4.3 Pre-Shared Key ...............................................................................................................23-12
23.4.4 Diffie-Hellman (DH) Key Groups ..................................................................................23-12
23.4.5 Perfect Forward Secrecy (PFS).......................................................................................23-12
Table Of Contents xvii