ZyWALL 2 and ZyWALL 2WE

 

Table 27-9 Manual IKE VPN Rule Setup

| LABEL | DESCRIPTION |
|---|---|
| My IP Address | Enter the WAN IP address of your ZyWALL. The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes. |
| Secure Gateway IP Address | Type the WAN IP address or the URL (up to 31 characters) of the remote secure gateway with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote secure gateway has a dynamic WAN IP address (the Key Management field must be set to IKE). |
| SPI | Type a unique SPI from one to four characters long. Valid characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9". |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the drop-down list box. The ZyWALL's encapsulation mode must be identical to that of the secure remote gateway. |
| Enable Replay Detection | As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Enable replay detection by setting this field to Yes. |
| IPSec Protocol | Select ESP or AH from the drop-down list box. The ZyWALL's IPSec protocol must be identical to that of the secure remote gateway. The ESP (Encapsulating Security Payload) protocol (RFC 2406) provides encryption as well as the authentication offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below). The AH protocol (Authentication Header Protocol) (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which ESP was designed. If you select AH here, you must select an option from the Authentication Algorithm field. |
| Encryption Algorithm | Select DES or 3DES from the drop-down list box. The ZyWALL's encryption algorithm must be identical to that of the secure remote gateway. When DES is used for data communications, both sender and receiver must know the same secret key, which is used to encrypt and decrypt the message. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. |
| Encryption Key (only with ESP) | With DES, type a unique key 8 characters long. With 3DES, type a unique key 24 characters long. Any characters may be used, including spaces, but trailing spaces are truncated. |
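The field rules in Table 27-9 are easy to get subtly wrong (a 0.0.0.0 peer address with manual keying, a five-digit SPI, a DES key that shrinks to 7 characters once its trailing space is truncated). The following validator, an added example that is not ZyWALL code, encodes those rules so a rule set can be checked before it is typed into the device. The dataclass field names, the `(errors, warnings)` return shape and the sample authentication algorithm value `"SHA1"` are my own assumptions; the table names the Authentication Algorithm field but lists no values for it.

```python
# Added example: validate manual-keyed IPSec rules against the Table 27-9 field rules.
# Not ZyWALL code; field names, return format and sample values are assumptions.
from dataclasses import dataclass
from typing import Optional
import ipaddress
import re

KEY_LENGTH = {"DES": 8, "3DES": 24}   # key length in characters, from the table


@dataclass
class ManualVpnRule:
    my_ip: str                    # My IP Address (0.0.0.0 = use current WAN IP)
    secure_gateway: str           # Secure Gateway IP Address or URL, up to 31 chars
    spi: str                      # 1-4 decimal digits
    encapsulation: str            # "Tunnel" or "Transport"
    replay_detection: bool        # Enable Replay Detection
    ipsec_protocol: str           # "ESP" or "AH"
    authentication_algorithm: Optional[str] = None  # required for both ESP and AH
    encryption_algorithm: Optional[str] = None      # "DES" or "3DES", ESP only
    encryption_key: Optional[str] = None            # ESP only


def _is_ipv4(s: str) -> bool:
    try:
        ipaddress.IPv4Address(s)
        return True
    except ValueError:
        return False


def validate(rule: ManualVpnRule):
    """Return (errors, warnings): errors make the rule unusable, warnings flag
    weak or fragile settings that the table itself calls out."""
    errors, warnings = [], []

    if not _is_ipv4(rule.my_ip):
        errors.append("My IP Address must be an IPv4 address")
    elif rule.my_ip == "0.0.0.0":
        warnings.append("My IP Address is 0.0.0.0: the current WAN IP is used and "
                        "the tunnel must be rebuilt whenever it changes")

    if not 1 <= len(rule.secure_gateway) <= 31:
        errors.append("Secure Gateway IP Address must be 1-31 characters")
    elif rule.secure_gateway == "0.0.0.0":
        errors.append("Secure Gateway 0.0.0.0 (dynamic peer) requires "
                      "Key Management = IKE, not a manual key")

    if not re.fullmatch(r"[0-9]{1,4}", rule.spi):
        errors.append("SPI must be 1-4 decimal digits")

    if rule.encapsulation not in ("Tunnel", "Transport"):
        errors.append("Encapsulation Mode must be Tunnel or Transport")

    if not rule.replay_detection:
        warnings.append("replay detection disabled: old or duplicate packets are not rejected")

    if rule.ipsec_protocol not in ("ESP", "AH"):
        errors.append("IPSec Protocol must be ESP or AH")
        return errors, warnings

    if rule.authentication_algorithm is None:
        errors.append(f"{rule.ipsec_protocol} requires an Authentication Algorithm")

    if rule.ipsec_protocol == "AH":
        if rule.encryption_algorithm or rule.encryption_key:
            warnings.append("AH provides no confidentiality; encryption settings are unused")
        return errors, warnings

    # ESP: encryption algorithm and key are mandatory
    alg = rule.encryption_algorithm
    if alg not in KEY_LENGTH:
        errors.append("ESP requires Encryption Algorithm DES or 3DES")
        return errors, warnings
    if alg == "DES":
        warnings.append("DES uses a 56-bit key; prefer 3DES")
    # the device truncates trailing spaces, so measure the key as it will be stored
    key = (rule.encryption_key or "").rstrip(" ")
    if len(key) != KEY_LENGTH[alg]:
        errors.append(f"{alg} key must be exactly {KEY_LENGTH[alg]} characters "
                      f"after trailing spaces are removed (got {len(key)})")
    return errors, warnings


def duplicate_spis(rules):
    """The SPI must be unique per rule; return the values that repeat."""
    seen, dups = set(), set()
    for r in rules:
        if r.spi in seen:
            dups.add(r.spi)
        seen.add(r.spi)
    return sorted(dups)


if __name__ == "__main__":
    # constructed sample rules (documentation addresses, not real gateways)
    good = ManualVpnRule("203.0.113.10", "198.51.100.7", "1001", "Tunnel", True,
                         "ESP", "SHA1", "3DES", "x" * 24)
    bad = ManualVpnRule("203.0.113.10", "0.0.0.0", "12345", "Tunnel", False,
                        "ESP", "SHA1", "DES", "abcdefg ")
    for r in (good, bad):
        e, w = validate(r)
        print(r.spi, "errors:", e, "warnings:", w)
    print("duplicate SPIs:", duplicate_spis([good, bad, good]))
```

The key check deliberately strips trailing spaces before measuring, because a key that is 8 characters as typed but 7 as stored will not match the peer's key and the SA silently fails to authenticate.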
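The Enable Replay Detection row says the receiver rejects "old or duplicate packets" but not how. The mechanism standard IPSec receivers use is a sliding window over the ESP/AH sequence number (RFC 2401 Appendix C). The class below is an added example of that window, written here to show what the setting buys you; it is not ZyWALL code, and the manual does not state the device's window size, so the 64-packet window (the RFC default) is an assumption.

```python
# Added example: a per-SA anti-replay sliding window in the style of RFC 2401
# Appendix C. Not ZyWALL code; the window size of 64 is an assumption.
class AntiReplayWindow:
    def __init__(self, size: int = 64):
        self.size = size
        self.last = 0       # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (last - i) already seen

    def check(self, seq: int) -> bool:
        """Return True to accept the packet, False to drop it."""
        if seq <= 0:
            return False                    # ESP/AH never use sequence number 0
        if seq > self.last:
            # newer than anything seen: slide the window right; bits that fall
            # off the left edge are discarded by the mask
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:
            return False                    # too old: outside the window
        if (self.bitmap >> diff) & 1:
            return False                    # duplicate inside the window
        self.bitmap |= 1 << diff            # late but new: accept once
        return True


def simulate(seqs, size: int = 64):
    """Feed a constructed sequence of ESP sequence numbers through one window."""
    win = AntiReplayWindow(size)
    return [win.check(s) for s in seqs]


if __name__ == "__main__":
    # constructed trace: in-order packets, a replayed one, a jump, then stragglers
    trace = [1, 2, 3, 2, 100, 30, 50, 50, 36, 37]
    for s, ok in zip(trace, simulate(trace)):
        print(f"seq {s:3d}: {'accept' if ok else 'drop'}")
```

Replaying packet 2 is dropped as a duplicate, packet 30 is dropped because it is more than 64 behind the newest packet, and packet 37 (exactly 63 behind) is still accepted; without the window, every one of these would be decrypted and forwarded.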

 

 

 

VPN/IPSec Setup

27-23