ZyXEL Communications 662H Series, 662HW Series 45.5 Manual Setup, 45.5.1 Active Protocol, 45.5.2 Security Parameter Index (SPI), IKE, Manual, Key Management, Edit Manual Setup, Menu 27.1.1

Prestige 662H/HW Series User’s Guide

Table 151 Menu 27.1.1.1 IKE Setup (continued)

FIELD	DESCRIPTION

Key Group	You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-
	Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a
	1024 bit (1Kb) random number.
Phase 2

Active Protocol	Press [SPACE BAR] to choose from ESP or AH and then press [ENTER]. See earlier
	for a discussion of these protocols.
Encryption	Press [SPACE BAR] to choose from NULL, DES, 3DES or AES and then press
Algorithm	[ENTER]. Select NULL to set up a tunnel without encryption.
Authentication	Press [SPACE BAR] to choose from SHA1 or MD5 and then press [ENTER].
Algorithm
SA Life Time	Define the length of time before an IPSec Security Association automatically
(Seconds)	renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost 35 days).
Encapsulation	Press [SPACE BAR] to choose from Tunnel mode or Transport mode and then press
	[ENTER]. See earlier for a discussion of these.
Perfect Forward	Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA
Secrecy (PFS)	setup. This allows faster IPSec setup, but is not so secure. Press [SPACE BAR] and
	choose from DH1 or DH2 to enable PFS. DH1 refers to Diffie-Hellman Group 1 a 768
	bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random
	number (more secure, yet slower).

When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm or ESC to Cancel:” to save your configuration, or press [ESC] at any time to cancel.

45.5 Manual Setup

You only configure Menu 27.1.1.2 – Manual Setup when you select Manual in the Key Management field in Menu 27.1.1 – IPSec Setup. Manual key management is useful if you have problems with IKE key management.

45.5.1 Active Protocol

This field is a combination of mode and security protocols used for the VPN. See the Web Configurator part on VPN for more information on these parameters.

Table 152 Active Protocol: Encapsulation and Security Protocol

MODE	SECURITY PROTOCOL

Tunnel	ESP

Transport	AH

45.5.2 Security Parameter Index (SPI)

To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 – IPSec Setup press [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 27.1.1.2 – Manual Setup.

443	Chapter 45 VPN/IPSec Setup