ZyXEL Communications 35 manual 16

ZyWALL 35 Internet Security Appliance

Remote Network

If the Remote Network field is configured to Single, enter a (static) IP address on the network behind the remote IPSec router. If the Remote Network field is configured to Range IP, enter the beginning and end (static) IP address, in a range of computers on the network behind the remote IPSec router. If the Remote Network field is configured to Subnet, enter a (static) IP address and subnet mask on the network behind the remote IPSec router.

3.Use the third wizard screen to configure IKE (Internet Key Exchange) tunnel settings.

Negotiation Mode

Select Main Mode or Aggressive Mode. Multiple SAs connecting through a secure gateway must have the same negotiation mode.

Encryption Algorithm

Select the method of data encryption using a private (secret) key.

The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a 128-bit key. AES is faster than 3DES.

Authentication Algorithm

MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. Select MD5 for minimal security and SHA-1for maximum security.

Key Group

Choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number.

SA Life Time (Seconds)

Define the length of time before an IKE SA automatically renegotiates in this field. The minimum value is 180 seconds.

Pre-Shared Key

Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x” (zero x), which is not counted as part of the 16 to 62 character range for the key.

Click Next to continue.

15