ZyWALL 5/35/70 Series User’s Guide
3.6 VPN Wizard IPSec Setting (IKE Phase 2)
Figure 29 VPN Wizard: IPSec Setting
The following table describes the labels in this screen.
Table 18 VPN Wizard: IPSec Setting
LABEL | DESCRIPTION |
Encapsulation Mode | Tunnel is compatible with NAT, Transport is not. Tunnel mode encapsulates the entire IP packet to transmit it securely. Tunnel mode is required for gateway services to provide access to internal systems. Tunnel mode is fundamentally an IP tunnel with authentication and encryption. Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP). |
IPSec Protocol | Select the security protocols used for an SA. Both AH and ESP increase ZyWALL processing requirements and communications latency (delay). |
Encryption Algorithm | When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a |
| that uses a |
| requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a |
| 3DES. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. |
Authentication Algorithm | MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and |
Chapter 3 Wizard Setup | 98 |
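The Encapsulation Mode row says Tunnel is compatible with NAT and Transport is not. The following is an added example, not ZyXEL code, showing one reason for this: the TCP checksum covers the IP addresses, and a NAT device cannot repair a checksum that sits inside the ESP-protected payload. The addresses and ports are constructed, ESP is modelled as an opaque payload the NAT device cannot modify, and plain ESP with no NAT traversal encapsulation is assumed.

```python
import ipaddress
import struct

def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071) over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, seg_len: int) -> bytes:
    # The TCP checksum also covers the IP source and destination addresses.
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, seg_len))

def build_tcp(src: str, dst: str, payload: bytes) -> bytes:
    # Minimal 20-byte TCP header (ports 40000 -> 443); checksum is at offset 16.
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    csum = checksum16(pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def tcp_ok(src: str, dst: str, segment: bytes) -> bool:
    # A valid segment plus its pseudo-header checksums to zero.
    return checksum16(pseudo_header(src, dst, len(segment)) + segment) == 0

# Constructed sample addresses (private and documentation ranges).
HOST, PEER, NAT_PUBLIC = "192.168.1.33", "203.0.113.10", "198.51.100.7"

def receive_after_nat(mode: str) -> bool:
    """True if the receiver's TCP checksum check passes after NAT rewrote the source."""
    segment = build_tcp(HOST, PEER, b"hello")  # sender computes checksum with HOST
    if mode == "transport":
        # [IP HOST->PEER][ESP][TCP]: NAT rewrites the only IP header, so the
        # receiver checks the protected TCP segment against NAT_PUBLIC.
        seen_src = NAT_PUBLIC
    elif mode == "tunnel":
        # [outer IP][ESP][IP HOST->PEER][TCP]: NAT rewrites only the outer header;
        # the inner header is inside the protected payload and arrives unchanged.
        seen_src = HOST
    else:
        raise ValueError(f"unknown mode: {mode}")
    return tcp_ok(seen_src, PEER, segment)

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        result = "passes" if receive_after_nat(mode) else "FAILS"
        print(f"{mode:9s} mode: TCP checksum {result} after NAT")
```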