|
| Chapter 14 IPSec VPN |
| Table 68 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy (continued) | |
| LABEL | DESCRIPTION |
| Ending IP Address/Subnet Mask | When the Address Type field is configured to Single Address, this field is N/A. When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Address Type field is configured to Subnet Address, this is a subnet mask on the LAN behind your ZyWALL. |
| Local Port | 0 is the default and signifies any port. Type a port number from 0 to 65535 in the Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
| Remote Network | Specify the IP addresses of the devices behind the remote IPSec router that can use the VPN tunnel. The remote IP addresses must correspond to the remote IPSec router's configured local IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
| Address Type | Use the ... Subnet Address. Select Single Address with a single IP address. Select Range Address for a specific range of IP addresses. Select Subnet Address to specify IP addresses on a network by their subnet mask. |
| Starting IP Address | When the Address Type field is configured to Single Address, enter a (static) IP address on the network behind the remote IPSec router. When the Address Type field is configured to Range Address, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Address Type field is configured to Subnet Address, enter a (static) IP address on the network behind the remote IPSec router. |
| Ending IP Address/Subnet Mask | When the Address Type field is configured to Single Address, this field is N/A. When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Address Type field is configured to Subnet Address, enter a subnet mask on the network behind the remote IPSec router. |
| Remote Port | 0 is the default and signifies any port. Type a port number from 0 to 65535 in the Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
| IPSec Proposal | |
| Encapsulation Mode | Select Tunnel mode or Transport mode. |
| Active Protocol | Select the security protocols used for an SA. Both AH and ESP increase processing requirements and communications latency (delay). |
| Encryption Algorithm | Select which key size and encryption algorithm to use in the IKE SA. Choices are: NULL - no encryption key or algorithm; DES - a ...; 3DES - a ...; AES - a ... The ZyWALL and the remote IPSec router must use the same algorithms and keys. Longer keys require more processing power, resulting in increased latency and decreased throughput. |
| Authentication Algorithm | Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower. |
ZyWALL 2 Plus User’s Guide | |
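
The Remote Network row states that two active SAs cannot have both the local and the remote IP address(es) the same. The Python below is an added example, not part of the ZyWALL guide or firmware, that checks a planned set of network policies against that rule. The policy dictionary layout, function names and sample addresses are assumptions, as is the choice to treat two entries as the same when they cover the same set of addresses.

```python
import ipaddress

def address_span(addr_type, start, end_or_mask=None):
    """Map one address entry (Address Type, Starting IP, Ending IP/Subnet Mask)
    to the (first, last) IPv4 addresses it covers, as integers."""
    first = ipaddress.IPv4Address(start)
    if addr_type == "Single Address":
        return int(first), int(first)          # Ending IP/Subnet Mask is N/A
    if addr_type == "Range Address":
        last = ipaddress.IPv4Address(end_or_mask)
        if last < first:
            raise ValueError(f"range ends before it starts: {start}-{end_or_mask}")
        return int(first), int(last)
    if addr_type == "Subnet Address":
        # strict=False accepts any host address inside the subnet as the start
        net = ipaddress.IPv4Network(f"{start}/{end_or_mask}", strict=False)
        return int(net.network_address), int(net.broadcast_address)
    raise ValueError(f"unknown Address Type: {addr_type!r}")

def find_conflicts(policies):
    """Return (first_name, second_name) for active policies whose local AND
    remote address sets are both the same. Inactive policies are skipped."""
    seen, conflicts = {}, []
    for p in policies:
        if not p["active"]:
            continue
        key = (address_span(*p["local"]), address_span(*p["remote"]))
        if key in seen:
            conflicts.append((seen[key], p["name"]))
        else:
            seen[key] = p["name"]
    return conflicts

# Constructed sample policies (names and addresses are made up for illustration).
LAN = ("Subnet Address", "192.168.1.0", "255.255.255.0")
BRANCH = ("Range Address", "10.0.0.10", "10.0.0.20")
POLICIES = [
    {"name": "branch", "active": True, "local": LAN, "remote": BRANCH},
    # Same addresses as "branch", with the local side written as a range: conflict.
    {"name": "branch-dup", "active": True,
     "local": ("Range Address", "192.168.1.0", "192.168.1.255"), "remote": BRANCH},
    # Same local side only: allowed.
    {"name": "dc", "active": True, "local": LAN,
     "remote": ("Single Address", "10.0.1.5", None)},
    # Same local and remote as "branch" but not active: allowed.
    {"name": "branch-backup", "active": False, "local": LAN, "remote": BRANCH},
]

if __name__ == "__main__":
    print(find_conflicts(POLICIES))
```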
|
|