Manual Key Setup; Configuring Manual Key - ZyXEL Communications ZyWALL 5 User Manual

LABEL
End Type a port number in this field to define a port range. This port number must be greater
than that specified in the previous field. If Local Port Start is left at 0, Local Port End
will also remain at 0.
Remote Port
Start Type up to 32 characters to identify this VPN policy. You may use any character,
including spaces, but the ZyWALL drops trailing spaces.
End Enter a port number in this field to define a port range. This port number must be greater
than that specified in the previous field. If Remote Port Start is left at 0, Remote Port
End will also remain at 0.
Apply Click Apply to save your changes back to the ZyWALL and return to the Edit VPN Rule
screen.
Cancel Click Cancel to return to the Edit VPN Rule screen without saving your changes.

13.13 Manual Key Setup

Manual key management is useful if you have problems with IKE key management.
13.13.1 Security Parameter Index (SPI)
An SPI is used to distinguish different SAs terminating at the same destination and using the same
IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The SPI (Security
Parameter Index) along with a destination IP address uniquely identify a particular Security
Association (SA). The SPI is transmitted from the remote VPN gateway to the local VPN gateway.
The local VPN gateway then uses the network, encryption and key values that the administrator
associated with the SPI to establish the tunnel.
Current ZyXEL implementation assumes identical outgoing and
incoming SPIs.

13.14 Configuring Manual Key

You only configure VPN Manual Key when you select Manual Key in the Key Management field
on the Edit VPN Rule screen. This is the VPN Manual Key screen as shown next.
VPN Screens
Table 13-8 Edit VPN Rule: Advanced
DESCRIPTION
ZyWALL 5 Internet Security Appliance
13-19