ZyXEL Communications ZYWALL USG 2000 Manual page 95

Unified security gateway

Phase 2 in IKE uses the SA that was established in phase 1 to negotiate SAs for
IPSec.
Figure 46 VPN Advanced Wizard: Step 4
The following table describes the labels in this screen.
Table 20 VPN Advanced Wizard: Step 4

| LABEL | DESCRIPTION |
| --- | --- |
| Phase 2 Setting | |
| Active Protocol | Select the security protocols used for an SA. Both AH and ESP increase ZyWALL processing requirements and communications latency (delay). |
| Encapsulation | Tunnel is compatible with NAT, Transport is not. Tunnel mode encapsulates the entire IP packet to transmit it securely. Tunnel mode is required for gateway services to provide access to internal systems. Tunnel mode is fundamentally an IP tunnel with authentication and encryption. Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP). |

ZyWALL USG 2000 User's Guide
Chapter 4 Wizard Setup
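The packet layouts in the Encapsulation description can be checked on the wire. The following Python sketch is an added example, not taken from the ZyXEL manual: it builds one AH packet in each mode and classifies a raw packet by reading AH's cleartext Next Header field. It assumes IPv4 only; the function names, addresses, SPIs and the TCP segment are constructed for illustration.

```python
import socket
import struct

PROTO_IPIP, PROTO_TCP, PROTO_ESP, PROTO_AH = 4, 6, 50, 51  # IANA protocol numbers

def ipv4_header(proto, payload_len, src, dst):
    """Minimal 20-byte IPv4 header (checksum left at 0 for this constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_header(next_header, spi, seq, icv=b"\x00" * 12):
    """AH header (RFC 4302): Next Header, Payload Len, Reserved, SPI, Sequence, ICV."""
    payload_len = (12 + len(icv)) // 4 - 2  # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv

def classify(packet):
    """Return (security protocol, encapsulation mode) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length including options
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    if proto == PROTO_ESP:
        # ESP keeps Next Header in its trailer, which is encrypted when a cipher
        # is in use, so the mode cannot be read from the wire.
        return ("ESP", None)
    if proto != PROTO_AH:
        return (None, None)
    if len(packet) < ihl + 12:
        raise ValueError("truncated AH header")
    next_header = packet[ihl]  # first AH byte, right after the IP header and options
    return ("AH", "tunnel" if next_header == PROTO_IPIP else "transport")

# Constructed sample: a TCP SYN from host 192.0.2.10 to host 198.51.100.20.
TCP = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, 0x02, 1024, 0, 0)
INNER = ipv4_header(PROTO_TCP, len(TCP), "192.0.2.10", "198.51.100.20") + TCP

def transport_packet():
    """Transport mode: original IP header, then AH, then the TCP segment."""
    ah = ah_header(PROTO_TCP, spi=0x1001, seq=1)
    return ipv4_header(PROTO_AH, len(ah) + len(TCP), "192.0.2.10", "198.51.100.20") + ah + TCP

def tunnel_packet():
    """Tunnel mode: new gateway-to-gateway IP header, then AH, then the whole inner packet."""
    ah = ah_header(PROTO_IPIP, spi=0x1002, seq=1)
    return ipv4_header(PROTO_AH, len(ah) + len(INNER), "203.0.113.1", "203.0.113.2") + ah + INNER

if __name__ == "__main__":
    for name, pkt in (("transport", transport_packet()), ("tunnel", tunnel_packet())):
        print(name, len(pkt), classify(pkt))
```

The tunnel-mode packet is 20 bytes longer because it carries the original IP header inside the protected payload, and its outer addresses are the gateways rather than the end hosts.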