Encryption And Authentication Algorithms; Vpn Rules (Ike) Gateway Policy Edit - ZyXEL Communications ZYWALL 2 PLUS User Manual

If the remote IPSec router is not a ZyWALL, you may also want to avoid setting the IPSec rule
to nailed up.

14.4.3 Encryption and Authentication Algorithms

In most ZyWALLs, you can select one of the following encryption algorithms for each
proposal. The encryption algorithms are listed here in order from weakest to strongest.
• Data Encryption Standard (DES) is a widely used (but breakable) method of data
encryption. It applies a 56-bit key to each 64-bit block of data.
• Triple DES (3DES) is a variant of DES. It iterates three times with three separate keys,
effectively tripling the strength of DES.
• Advanced Encryption Standard (AES) is a newer method of data encryption that also uses
a secret key. AES applies a 128-bit key to 128-bit blocks of data. It is faster than 3DES.
Use the commands to have the AES encryption apply 192-bit or 256-bit keys to 128-bit blocks
of data.
You can select one of the following authentication algorithms for each proposal. The
algorithms are listed here in order from weakest to strongest.
• MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
• SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.

14.5 VPN Rules (IKE) Gateway Policy Edit

In the VPN Rule (IKE) screen, click the add gateway policy (
to display the VPN-Gateway Policy -Edit screen.
Use this screen to configure a VPN gateway policy. The gateway policy identifies the IPSec
routers at either end of a VPN tunnel (My ZyWALL and Remote Gateway) and specifies the
authentication, encryption and other settings needed to negotiate a phase 1 IKE SA.
ZyWALL 2 Plus User's Guide
Chapter 14 IPSec VPN
) icon or the edit ( ) icon
245