Figure 3-9 Vpn Wizard : Ike Tunnel Setting; Table 3-10 Vpn Wizard : Ike Tunnel Setting - ZyXEL Communications ZyWALL 5 User Manual

3.5.3 IKE Tunnel Setting (IKE Phase 1)
The following table describes the labels in this screen.
LABEL
Negotiation Mode
Encryption Algorithm
Authentication
Algorithm
Key Group
SA Life Time
(Seconds)
Wizard Setup

Figure 3-9 VPN Wizard : IKE Tunnel Setting

Table 3-10 VPN Wizard : IKE Tunnel Setting

Use the radio buttons to select Main Mode or Aggressive Mode. Multiple SAs
connecting through a secure gateway must have the same negotiation mode.
When DES is used for data communications, both sender and receiver must know the
same secret key, which can be used to encrypt and decrypt the message or to
generate and verify a message authentication code. The DES encryption algorithm
uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key.
As a result, 3DES is more secure than DES. It also requires more processing power,
resulting in increased latency and decreased throughput. This implementation of AES
uses a 128-bit key. AES is faster than 3DES.
MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms
used to authenticate packet data. The SHA1 algorithm is generally considered
stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for
maximum security.
You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-
Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a
1024 bit (1Kb) random number.
Define the length of time before an IKE SA automatically renegotiates in this field. The
minimum value is 180 seconds.
A short SA Life Time increases security by forcing the two VPN gateways to update
the encryption and authentication keys. However, every time the VPN tunnel
renegotiates, all users accessing remote resources are temporarily disconnected.
ZyWALL 5 Internet Security Appliance
DESCRIPTION
3-15