Chapter 4 Quick Setup Wizards
Figure 37 VPN Advanced Wizard: Phase 1 Settings
•Secure Gateway: Any displays in this field if it is not configurable for the chosen scenario. Otherwise, enter the WAN IP address or domain name of the remote IPSec device (secure gateway) to identify the remote IPSec device by its IP address or a domain name. Use 0.0.0.0 if the remote IPSec device has a dynamic WAN IP address.
•My Address (interface): Select an interface from the
•Negotiation Mode: Select Main for identity protection. Select Aggressive to allow more incoming connections from dynamic IP addresses to use separate passwords.
Note: Multiple SAs connecting through a secure gateway must have the same negotiation mode.
•Encryption Algorithm: 3DES and AES use encryption. The longer the key, the higher the security (this may affect throughput). Both sender and receiver must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a
•Authentication Algorithm: MD5 gives minimal security and SHA512 gives the highest security. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The stronger the algorithm the slower it is.
•Key Group: DH5 is more secure than DH1 or DH2 (although it may affect throughput). DH1 (default) refers to
•SA Life Time: Set how often the ZyWALL renegotiates the IKE SA. A short SA life time increases security, but renegotiation temporarily disconnects the VPN tunnel.
•NAT Traversal: Select this if the VPN tunnel must pass through NAT (there is a NAT router between the IPSec devices).
Note: The remote IPSec device must also have NAT traversal enabled. See the help in the main IPSec VPN screens for more information.
| 55 |
ZyWALL 110/310/1100 Series User’s Guide | |
|
|