
Chapter 3 Wizard Setup
Figure 30 VPN Wizard: IKE Tunnel Setting
The following table describes the labels in this screen.
Table 18 VPN Wizard: IKE Tunnel Setting
LABEL | DESCRIPTION
Negotiation Mode | Select Main Mode for identity protection. Select Aggressive Mode to allow more incoming connections from dynamic IP addresses to use separate passwords.
| Note: Multiple SAs (security associations) connecting through a secure gateway must have the same negotiation mode.
Encryption Algorithm | When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a
| that uses a
| requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a
| 3DES.
Authentication Algorithm | MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and
Key Group | You must choose a key group for phase 1 IKE setup. DH1 (default) refers to
| Group 2 a 1024 bit (1Kb) random number.
SA Life Time (Seconds) | Define the length of time before an IKE SA automatically renegotiates in this field. The minimum value is 180 seconds.
| A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected.
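The constraints in this table can be checked across a set of planned VPN rules before they are entered in the wizard. The following is an added example, not part of the User's Guide or ZyXEL's software; the rule field names (name, gateway, mode, auth, lifetime) and the sample rules are constructed for illustration.

```python
from collections import defaultdict

MIN_SA_LIFETIME = 180  # seconds; the minimum value stated in the table

# Constructed sample rules. The field names are hypothetical and are not
# the ZyWALL's own configuration format.
SAMPLE_RULES = [
    {"name": "hq", "gateway": "gw-a", "mode": "main",
     "auth": "sha1", "lifetime": 28800},
    {"name": "branch", "gateway": "gw-a", "mode": "aggressive",
     "auth": "md5", "lifetime": 28800},
    {"name": "lab", "gateway": "gw-b", "mode": "main",
     "auth": "sha1", "lifetime": 120},
]


def audit(rules):
    """Return a sorted list of (rule name, finding) tuples."""
    # Collect every negotiation mode used per secure gateway, because SAs
    # through the same gateway must share one negotiation mode.
    modes = defaultdict(set)
    for r in rules:
        modes[r["gateway"]].add(r["mode"].lower())

    findings = []
    for r in rules:
        name = r["name"]
        if r["lifetime"] < MIN_SA_LIFETIME:
            findings.append((name, "SA Life Time below the 180 second minimum"))
        if r["auth"].lower() == "md5":
            findings.append((name, "MD5 gives minimal security; SHA1 is stronger"))
        if r["mode"].lower() == "aggressive":
            findings.append((name, "Aggressive Mode gives up identity protection"))
        if len(modes[r["gateway"]]) > 1:
            findings.append(
                (name, "negotiation mode differs from other SAs on " + r["gateway"]))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```
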
94 | ZyWALL 2WG User’s Guide