ZyWALL 2 and ZyWALL 2WE

 

Table 27-8 Advanced IKE VPN Rule Setup

| LABEL | DESCRIPTION |
| --- | --- |
| Secure Gateway Address | Type the WAN IP address or the URL (up to 31 characters) of the remote secure gateway with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote secure gateway has a dynamic WAN IP address (the Key Management field must be set to IKE). |
| Peer ID Type | Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. |
| Peer Content | When you select IP in the Peer ID Type field, type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the ZyWALL automatically use the address in the Secure Gateway field. When you select DNS in the Peer ID Type field, type a domain name (up to 31 characters) by which to identify the remote IPSec router. When you select E-mail in the Peer ID Type field, type an e-mail address (up to 31 characters) by which to identify the remote IPSec router. The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address. The domain name also does not have to match the remote router's IP address or what you configure in the Secure Gateway Addr field below. |
| IKE Phase 1 | A phase 1 exchange establishes an IKE SA (Security Association). |
| Negotiation Mode | Select Main or Aggressive from the drop-down list box. The ZyWALL's negotiation mode should be identical to that on the remote secure gateway. |
| Encryption Algorithm | Select DES or 3DES from the drop-down list box. The ZyWALL's encryption algorithm should be identical to that on the remote secure gateway. When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. |
| Authentication Algorithm | Select SHA1 or MD5 from the drop-down list box. The ZyWALL's authentication algorithm should be identical to that on the remote secure gateway. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate the source and integrity of packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select SHA-1 for maximum security. |
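The constraints in Table 27-8 can be checked mechanically before a rule is entered on both gateways. The following Python linter is an added example, not ZyXEL code or part of the original manual; the dictionary keys and the `Manual` key-management value are assumptions made for the example, while the limits and algorithm rankings are those stated in the table.

```python
import ipaddress
MAX_LEN = 31  # "up to 31 characters" limit stated in Table 27-8

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_rule(local, remote):
    """Lint one rule; keys are hypothetical names for the table's fields."""
    out = []
    gw = local.get("secure_gateway", "")
    if len(gw) > MAX_LEN:
        out.append("secure_gateway exceeds 31 characters")
    if gw == "0.0.0.0" and local.get("key_management") != "IKE":
        out.append("0.0.0.0 (dynamic peer) requires Key Management = IKE")
    id_type, content = local.get("peer_id_type"), local.get("peer_content", "")
    if id_type not in ("IP", "DNS", "E-mail"):
        out.append("peer_id_type must be IP, DNS or E-mail")
    elif id_type == "IP":
        # Blank is valid: the ZyWALL then uses the Secure Gateway address.
        if content and not _is_ip(content):
            out.append("peer_content must be an IP address or blank")
    elif len(content) > MAX_LEN:
        out.append("peer_content exceeds 31 characters")
    # Both gateways must use identical Phase 1 settings.
    for key in ("negotiation_mode", "encryption", "authentication"):
        if local.get(key) != remote.get(key):
            out.append(f"{key}: {local.get(key)} != remote {remote.get(key)}")
    # The table rates 3DES above DES and SHA1 above MD5.
    if local.get("encryption") == "DES":
        out.append("DES (56-bit key) selected; 3DES is the stronger option")
    if local.get("authentication") == "MD5":
        out.append("MD5 selected; SHA1 is the stronger option")
    return out

# Constructed sample rules (not taken from any real device).
REMOTE = {"negotiation_mode": "Main", "encryption": "3DES", "authentication": "SHA1"}
WEAK = {"secure_gateway": "0.0.0.0", "key_management": "Manual",
        "peer_id_type": "IP", "peer_content": "branch.example.test",
        "negotiation_mode": "Aggressive", "encryption": "DES",
        "authentication": "MD5"}
FIXED = dict(WEAK, key_management="IKE", peer_id_type="DNS",
             negotiation_mode="Main", encryption="3DES", authentication="SHA1")

if __name__ == "__main__":
    for name, rule in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, check_rule(rule, REMOTE))
```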

 

 


VPN/IPSec Setup