Chapter 3 Wizard Setup
Table 20 VPN Wizard: VPN Status (continued)
LABEL | DESCRIPTION |
Network Policy |
|
Setting |
|
|
|
Local Network |
|
|
|
Starting IP Address | This is a (static) IP address on the LAN behind your ZyWALL. |
|
|
Ending IP Address/ | When the local network is configured for a single IP address, this field is N/A. |
Subnet Mask | When the local network is configured for a range IP address, this is the end |
| (static) IP address, in a range of computers on the LAN behind your ZyWALL. |
| When the local network is configured for a subnet, this is a subnet mask on the |
| LAN behind your ZyWALL. |
|
|
Remote Network |
|
|
|
Starting IP Address | This is a (static) IP address on the network behind the remote IPSec router. |
|
|
Ending IP Address/ | When the remote network is configured for a single IP address, this field is N/A. |
Subnet Mask | When the remote network is configured for a range IP address, this is the end |
| (static) IP address, in a range of computers on the network behind the remote |
| IPSec router. When the remote network is configured for a subnet, this is a |
| subnet mask on the network behind the remote IPSec router. |
|
|
IKE Tunnel Setting |
|
(IKE Phase 1) |
|
|
|
Negotiation Mode | This shows Main Mode or Aggressive Mode. Multiple SAs connecting through |
| a secure gateway must have the same negotiation mode. |
|
|
Encryption | This is the method of data encryption. Options can be DES, 3DES or AES. |
Algorithm |
|
|
|
Authentication | MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash |
Algorithm | algorithms used to authenticate packet data. |
|
|
Key Group | This is the key group you chose for phase 1 IKE setup. |
|
|
SA Life Time | This is the length of time before an IKE SA automatically renegotiates. |
(Seconds) |
|
|
|
This is a | |
| negotiation. |
|
|
IPSec Setting (IKE |
|
Phase 2) |
|
|
|
Encapsulation Mode | This shows Tunnel mode or Transport mode. |
|
|
IPSec Protocol | ESP or AH are the security protocols used for an SA. |
|
|
Encryption | This is the method of data encryption. Options can be DES, 3DES, AES or |
Algorithm | NULL. |
|
|
Authentication | MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash |
Algorithm | algorithms used to authenticate packet data. |
|
|
SA Life Time | This is the length of time before an IKE SA automatically renegotiates. |
(Seconds) |
|
|
|
Perfect Forward | Perfect Forward Secret (PFS) is disabled (None) by default in phase 2 IPSec |
Secret (PFS) | SA setup. Otherwise, DH1 or DH2 are selected to enable PFS. |
|
|
Back | Click Back to return to the previous screen. |
|
|
Finish | Click Finish to complete and save the wizard setup. |
|
|
98 |
| |
ZyWALL 2WG User’s Guide |
| |
|
|
|