|
| Chapter 14 IPSec VPN | |
| Table 92 SECURITY > VPN > VPN Rules (Manual) > Edit (continued) | ||
| LABEL | DESCRIPTION |
|
| My ZyWALL | When the ZyWALL is in router mode, enter the WAN IP address of your ZyWALL |
|
|
| or leave the field set to 0.0.0.0. |
|
|
| The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the |
|
|
| VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the |
|
|
| ZyWALL uses the dial backup IP address for the VPN tunnel when using dial |
|
|
| backup or the LAN IP address when using traffic redirect. |
|
|
| The VPN tunnel has to be rebuilt if this IP address changes. |
|
|
| When the ZyWALL is in bridge mode, this field is |
|
|
| ZyWALL’s IP address. |
|
|
|
|
|
| Primary Remote | Type the WAN IP address of the IPSec router with which you're making the VPN |
|
| Gateway | connection. |
|
|
|
|
|
| Manual Proposal |
|
|
|
|
|
|
| SPI | Type a unique SPI (Security Parameter Index) from one to four characters long. |
|
|
| Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9". |
|
|
|
|
|
| Encapsulation | Select Tunnel mode or Transport mode from the |
|
| Mode |
|
|
|
|
|
|
| Active Protocol | Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP |
|
|
| protocol (RFC 2406) provides encryption as well as some of the services offered |
|
|
| by AH. If you select ESP here, you must select options from the Encryption |
|
|
| Algorithm and Authentication Algorithm fields (described next). |
|
|
| Select AH if you want to use AH (Authentication Header Protocol). The AH |
|
|
| protocol (RFC 2402) was designed for integrity, authentication, sequence integrity |
|
|
| (replay resistance), and |
|
|
| ESP was designed. If you select AH here, you must select options from the |
|
|
| Authentication Algorithm field (described next). |
|
|
|
|
|
| Encryption | Select DES, 3DES or NULL from the |
|
| Algorithm | When DES is used for data communications, both sender and receiver must know |
|
|
| the Encryption Key, which can be used to encrypt and decrypt the message or to |
|
|
| generate and verify a message authentication code. The DES encryption algorithm |
|
|
| uses a |
|
|
| As a result, 3DES is more secure than DES. It also requires more processing |
|
|
| power, resulting in increased latency and decreased throughput. Select NULL to |
|
|
| set up a tunnel without encryption. When you select NULL, you do not enter an |
|
|
| encryption key. |
|
|
|
|
|
| Authentication | Select SHA1 or MD5 from the |
|
| Algorithm | SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet |
|
|
| data. The SHA1 algorithm is generally considered stronger than MD5, but is |
|
|
| slower. Select MD5 for minimal security and |
|
|
|
|
|
| Encryption Key | This field is applicable when you select ESP in the Active Protocol field above. |
|
|
| With DES, type a unique key 8 characters long. With 3DES, type a unique key 24 |
|
|
| characters long. Any characters may be used, including spaces, but trailing spaces |
|
|
| are truncated. |
|
|
|
|
|
| Authentication | Type a unique authentication key to be used by IPSec if applicable. Enter 16 |
|
| Key | characters for MD5 authentication or 20 characters for |
|
|
| characters may be used, including spaces, but trailing spaces are truncated. |
|
|
|
|
|
| Apply | Click Apply to save your changes back to the ZyWALL. |
|
|
|
|
|
| Cancel | Click Cancel to exit this screen without saving. |
|
|
|
|
|
| 337 |
ZyWALL 2WG User’s Guide | |
|
|