ZyXEL Communications ZyWall 2 Plus Quick Start Manual page 12

Make sure that the remote IPSec router uses the same security settings
that you configure in the next two screens.
Negotiation Mode: Select Main Mode for identity protection. Select Aggressive Mode to
allow more incoming connections from dynamic IP addresses to use separate passwords.
Multiple SAs (security associations) connecting through a secure gateway
must have the same negotiation mode.
Encryption Algorithm: Select 3DES or AES for stronger (and slower) encryption.
Authentication Algorithm: Select MD5 for minimal security or SHA-1 for higher security.
Key Group: Select DH2 for higher security.
SA Life Time: Set how often the ZyWALL renegotiates the IKE SA (minimum 180
seconds). A short SA life time increases security, but renegotiation temporarily
disconnects the VPN tunnel.
Pre-Shared Key: Use 8 to 31 case-sensitive ASCII characters or 16 to 62 hexadecimal
("0-9", "A-F") characters. Precede a hexadecimal key with a "0x" (zero x), which is not
counted as part of the 16 to 62 character range for the key.
Encapsulation Mode: Tunnel is compatible with NAT, Transport is not.
IPSec Protocol: ESP is compatible with NAT, AH is not.
Perfect Forward Secrecy (PFS): None allows faster IPSec setup, but DH1 and DH2 are
more secure.
4 Use this screen to configure IKE
(Internet Key Exchange) tunnel settings.
ENGLISH
5 Use this screen to configure IPSec
settings.
11