Chapter 20 IPSec VPN
Table 107 Configuration > VPN > IPSec VPN > VPN Connection > Edit (continued)
LABEL | DESCRIPTION
Authentication | Select which hash algorithm to use to authenticate packet data in the IPSec SA.
| Choices are SHA1, SHA256, SHA512 and MD5. SHA is generally considered
| stronger than MD5, but it is also slower. MD5 is no longer considered safe for
| integrity protection and SHA1 is being phased out, so prefer SHA256 or SHA512
| unless the remote peer cannot support them.
| The ZyWALL and the remote IPSec router must both have a proposal that uses the
| same authentication algorithm; otherwise the IPSec SA cannot be negotiated.

Perfect Forward Secrecy (PFS) | Select whether or not you want to enable Perfect Forward Secrecy (PFS) and, if you
| do, which
| none - disable PFS
| DH1 - enable PFS and use a
| DH2 - enable PFS and use a
| DH5 - enable PFS and use a
| With PFS, the ZyWALL performs a fresh Diffie-Hellman exchange for every IPSec SA
| instead of deriving the IPSec keys from the IKE SA's keying material alone, so a
| compromise of one SA's keys does not expose the keys of earlier or later SAs.
| The larger the DH key group, the harder the exchange is to break, but the longer it
| takes to set up each SA (it does not slow down the encryption of traffic itself).
| Both routers must use the same DH key group. DH1 and DH2 are considered weak by
| current standards; use DH5, the largest group offered here, if the peer supports it.

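The two rules stated above (both routers need a proposal with the same authentication algorithm, and the same DH key group when PFS is on) can be seen in a small negotiation routine. The following Python is an example added to this page, not ZyWALL firmware or its CLI; the Proposal class, the strength ranking and the deprecated sets are assumptions made for the illustration, and the sample proposal lists are constructed.

```python
# Added example for this guide page; not ZyWALL code. Ranking and deprecated
# sets are assumptions for the illustration; sample proposals are constructed.
from dataclasses import dataclass
from typing import Iterable, Optional

# Preference order used to pick the strongest common proposal (assumption).
AUTH_RANK = {"MD5": 0, "SHA1": 1, "SHA256": 2, "SHA512": 3}
DH_RANK = {"none": 0, "DH1": 1, "DH2": 2, "DH5": 3}

# Choices a current deployment should refuse even if the peer offers them:
# MD5/SHA1 integrity and the 768/1024-bit DH groups are deprecated in
# current IETF guidance (RFC 8221 / RFC 8247).
DEPRECATED_AUTH = {"MD5", "SHA1"}
DEPRECATED_DH = {"DH1", "DH2"}


@dataclass(frozen=True)
class Proposal:
    authentication: str   # hash used to authenticate packet data, e.g. "SHA256"
    pfs_group: str        # "none" or a DH key group such as "DH5"

    def is_deprecated(self) -> bool:
        return (self.authentication in DEPRECATED_AUTH
                or self.pfs_group in DEPRECATED_DH)

    def rank(self) -> tuple:
        return (AUTH_RANK[self.authentication], DH_RANK[self.pfs_group])


def negotiate(local: Iterable[Proposal], remote: Iterable[Proposal],
              reject_deprecated: bool = True) -> Optional[Proposal]:
    """Return the strongest proposal present in BOTH lists, or None.

    Mirrors the table: both routers must have a proposal with the same
    authentication algorithm and the same DH key group. With no common
    proposal the IPSec SA cannot be negotiated (a real responder answers
    NO_PROPOSAL_CHOSEN).
    """
    common = set(local) & set(remote)
    if reject_deprecated:
        common = {p for p in common if not p.is_deprecated()}
    if not common:
        return None
    return max(common, key=Proposal.rank)


def explain_failure(local: Iterable[Proposal], remote: Iterable[Proposal]) -> str:
    """Troubleshooting text for the case where negotiate() returned None."""
    local, remote = list(local), list(remote)
    if not {p.authentication for p in local} & {p.authentication for p in remote}:
        return "no common authentication algorithm"
    if not {p.pfs_group for p in local} & {p.pfs_group for p in remote}:
        return "no common PFS / DH key group"
    if not set(local) & set(remote):
        return "algorithms overlap, but no single proposal matches on both fields"
    return "the only matching proposals use deprecated algorithms"


# Constructed sample configurations.
ZYWALL_PROPOSALS = [Proposal("SHA256", "DH5"), Proposal("SHA1", "DH2"),
                    Proposal("MD5", "none")]
PEER_CURRENT = [Proposal("SHA1", "DH2"), Proposal("SHA256", "DH5"),
                Proposal("SHA512", "DH5")]
PEER_LEGACY = [Proposal("MD5", "none"), Proposal("SHA1", "DH2")]
PEER_MISMATCH = [Proposal("SHA512", "DH5")]

if __name__ == "__main__":
    for name, peer in (("current", PEER_CURRENT), ("legacy", PEER_LEGACY),
                       ("mismatch", PEER_MISMATCH)):
        chosen = negotiate(ZYWALL_PROPOSALS, peer)
        print(name, "->", chosen or explain_failure(ZYWALL_PROPOSALS, peer))
```

Run against the legacy peer, the routine shows the practical consequence of the caveat in the table: dropping MD5 and SHA1 from the ZyWALL's own list, or refusing them at negotiation time, means a peer that only offers those algorithms no longer gets a tunnel, so the peer has to be upgraded first.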
Related Settings

Zone | Select the security zone into which to add this VPN connection policy. Any security
| rules or settings configured for the selected zone apply to this VPN connection policy.

Connectivity Check | The ZyWALL can regularly check the VPN connection to the gateway you specified to
| make sure it is still available.

Enable Connectivity Check | Select this to turn on the VPN connection check.

Check Method | Select how the ZyWALL checks the connection. The peer must be configured to
| respond to the method you select, and the address you check must fall inside the
| connection's remote policy; otherwise the probe does not traverse the tunnel and
| proves nothing about it.
| Select icmp to have the ZyWALL regularly ping the address you specify to make sure
| traffic can still go through the connection. You may need to configure the peer to
| respond to pings.
| Select tcp to have the ZyWALL regularly perform a TCP handshake with the address
| you specify to make sure traffic can still go through the connection. A service must
| be listening on the port you specify, and you may need to configure the peer to
| accept the TCP connection.

Check Port | This field displays when you set the Check Method to tcp. Specify the port number
| to use for a TCP connectivity check.

Check Period | Enter the number of seconds between connection check attempts.

Check Timeout | Enter the number of seconds to wait for a response before the attempt is a failure.

Check Fail Tolerance | Enter the number of consecutive failures allowed before the ZyWALL disconnects the
| VPN tunnel. A single successful check resets the count. The ZyWALL resumes using the
| first peer gateway address when the VPN connection passes the connectivity check.

Check this Address | Select this to specify a domain name or IP address for the connectivity check. Enter
| that domain name or IP address in the field next to it.

Check the First and Last IP Address in the Remote Policy | Select this to have the ZyWALL check the connection to the first and last IP addresses
| in the connection's remote policy. Make sure one of these is the peer gateway's LAN
| IP address.

Log | Select this to have the ZyWALL generate a log every time it checks this VPN
| connection.

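The connectivity check fields above (method, period, timeout, fail tolerance, the two ways of choosing a target, and logging) describe a simple monitor. The following Python models it as an example added to this page; it is not ZyWALL code. It assumes that a check attempt succeeds when any configured target answers, that "first and last IP address in the remote policy" means the first and last host addresses of that subnet, and that Check Period is measured between the starts of successive attempts. The scripted probe results are constructed so the example runs offline, and it generalises the table slightly in that one monitor drives either probe type.

```python
# Added example for this guide page; not ZyWALL firmware. The class and
# function names, the any-target success rule and the timing formula are
# assumptions made for the illustration.
import ipaddress
import socket
from dataclasses import dataclass, field
from typing import Callable, List


def tcp_probe(address: str, port: int, timeout: float) -> bool:
    """Check Method = tcp: succeed only if a full TCP handshake completes.

    The peer must have a service listening on `port` and allow the connection.
    """
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def remote_policy_check_targets(remote_policy: str) -> List[str]:
    """Targets for 'Check the First and Last IP Address in the Remote Policy'.

    Assumption: the first and last *host* addresses of the subnet are probed
    (network and broadcast addresses skipped). A host route yields one target.
    """
    net = ipaddress.ip_network(remote_policy, strict=False)
    hosts = list(net.hosts()) or [net.network_address]
    first, last = hosts[0], hosts[-1]
    return [str(first)] if first == last else [str(first), str(last)]


@dataclass
class ConnectivityCheck:
    """State of one VPN connection's connectivity check."""
    targets: List[str]                  # 'Check this Address' or the policy edges
    probe: Callable[[str], bool]        # icmp or tcp probe; True when the peer answers
    check_period: int = 30              # seconds between the starts of two attempts
    check_timeout: int = 5              # seconds before an attempt counts as failed
    check_fail_tolerance: int = 5       # consecutive failures before disconnecting
    log: bool = False                   # 'Log': record every check
    consecutive_failures: int = 0
    tunnel_up: bool = True
    events: List[str] = field(default_factory=list)

    def run_check(self) -> bool:
        """One check attempt. Returns whether the tunnel is up afterwards.

        Assumption: the attempt succeeds when ANY target answers, which is why
        the guide asks that one of the policy edges be the peer's LAN address.
        """
        ok = any(self.probe(t) for t in self.targets)
        if self.log:
            self.events.append("check %s: %s" % (self.targets, "ok" if ok else "no response"))
        if ok:
            self.consecutive_failures = 0   # 'consecutive': one success resets the count
            if not self.tunnel_up:
                self.tunnel_up = True
                self.events.append("tunnel restored")
        else:
            self.consecutive_failures += 1
            if self.tunnel_up and self.consecutive_failures >= self.check_fail_tolerance:
                self.tunnel_up = False
                self.events.append("tunnel disconnected")
        return self.tunnel_up

    def worst_case_detection_seconds(self) -> int:
        """Upper bound on the time from peer loss to disconnect.

        The peer may die just after a successful check (up to one period until
        the next attempt); then `tolerance` attempts spaced one period apart
        fail, the last one taking `timeout` seconds to be declared failed.
        """
        return self.check_fail_tolerance * self.check_period + self.check_timeout


def simulate(results: List[bool], tolerance: int = 3) -> ConnectivityCheck:
    """Drive the monitor with constructed probe outcomes (runs offline)."""
    outcomes = iter(results)
    mon = ConnectivityCheck(targets=["192.168.2.1"], probe=lambda _addr: next(outcomes),
                            check_period=30, check_timeout=5,
                            check_fail_tolerance=tolerance, log=True)
    for _ in results:
        mon.run_check()
    return mon


if __name__ == "__main__":
    print(remote_policy_check_targets("192.168.2.0/24"))  # ['192.168.2.1', '192.168.2.254']
    m = simulate([True, False, False, True, False, False, False, True])
    print("\n".join(m.events))
    print("worst case %d s" % m.worst_case_detection_seconds())  # 95
```

The worst-case figure is the one to size against: with the defaults used here (period 30 s, timeout 5 s, tolerance 3) a dead peer can go unnoticed for about 95 s before the tunnel is torn down and the ZyWALL can fail over to its next gateway address, so lowering Check Period or Check Fail Tolerance trades probe traffic for faster failover, while a tolerance of 1 makes a single lost probe drop the tunnel.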
Inbound/Outbound traffic NAT

Outbound Traffic

ZyWALL 110/310/1100 Series User's Guide