ZyXEL Communications ZyWall 10 User Manual page 220

ZyWALL 10~100 Series Internet Security Gateway
LABEL
Content
Secure Gateway
Addr.
Encapsulation
Mode
ESP
Encryption
Algorithm
15-14
Table 15-7 VPN IKE
When you select IP in the Peer ID Type field, type the IP address of the computer
with which you will make the VPN connection in the peer Content field. The ZyWALL
automatically uses the address in the Secure Gateway Addr field (refer to the
Secure Gateway Addr field description) if you configure the peer Content field to
0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the peer
Content field or use the DNS or E-mail ID type in the following situations.
When there is a NAT router between the two IPSec routers.
When you want the ZyWALL to distinguish between VPN connection
requests that come in from remote IPSec routers with dynamic WAN IP
addresses.
When you select DNS or E-mail in the Peer ID Type field, type a domain name or e-
mail address by which to identify the remote IPSec router in the peer Content field.
Use up to 31 ASCII characters including spaces, although trailing spaces are
truncated. The domain name or e-mail address is for identification purposes only and
can be any string.
Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with
which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec
router has a dynamic WAN IP address (the Key Management field must be set to
IKE).
Select Tunnel mode or Transport mode from the drop-down list box.
Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP
protocol (RFC 2406) provides encryption as well as some of the services offered by
AH. If you select ESP here, you must select options from the Encryption Algorithm
and Authentication Algorithm fields (described below).
Select DES, 3DES or NULL from the drop-down list box.
When DES is used for data communications, both sender and receiver must know
the same secret key, which can be used to encrypt and decrypt the message or to
generate and verify a message authentication code. The DES encryption algorithm
uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key.
As a result, 3DES is more secure than DES. It also requires more processing power,
resulting in increased latency and decreased throughput. Select NULL to set up a
tunnel without encryption. When you select NULL, you do not enter an encryption
key.
DESCRIPTION
VPN Screens