Chapter 18 VPN Screens
Table 96 Edit VPN Policies
LABEL | DESCRIPTION |
Secure Gateway Address | Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the Key Management field must be set to IKE). In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules. If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN’s full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0. |
Security Protocol |
VPN Protocol | Select ESP if you want to use ESP (Encapsulating Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below). |
Click the button to use a | |
| shared key. A |
| IKE negotiation. It is called |
| another party before you can communicate with them over a secure connection. |
| Type from 8 to 31 |
| |
| x), which is not counted as part of the 16 to 62 character range for the key. For |
| example, in "0x0123456789ABCDEF", “0x” denotes that the key is hexadecimal |
| and “0123456789ABCDEF” is the key itself. |
| Both ends of the VPN tunnel must use the same |
| a “PYLD_MALFORMED” (payload malformed) packet if the same |
| is not used on both ends. |
|
|
Certificate | Click the button to use a certificate for authentication. Select the certificate you want to use from the list. You can create, import and configure certificates in the Security > Certificates screens, or click the My Certificates link. |
My Certificates | Click this to go to the Security > Certificates > My Certificates screen. If you do not click Apply first, your VPN settings will not be saved. |
Encryption Algorithm | Select DES, 3DES, AES or NULL from the
| When you use one of these encryption algorithms for data communications, both |
| the sending device and the receiving device must use the same secret key, which |
| can be used to encrypt and decrypt the message or to generate and verify a |
| message authentication code. The DES encryption algorithm uses a |
| Triple DES (3DES) is a variation on DES that uses a |
| 3DES is more secure than DES. It also requires more processing power, resulting |
| in increased latency and decreased throughput. This implementation of AES |
| uses a |
| Select NULL to set up a tunnel without encryption. When you select NULL, you |
| do not enter an encryption key. |
|
|
Authentication Algorithm | Select SHA1 or MD5 from the
| SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet |
| data. The SHA1 algorithm is generally considered stronger than MD5, but is |
| slower. Select MD5 for minimal security and |
|
|
Advanced Setup | Click Advanced to configure more detailed settings of your IKE key management. |
Back | Click Back to return to the previous screen. |
Apply | Click Apply to save your changes back to the ZyXEL Device. |
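
The Secure Gateway Address constraints in the table above can be checked mechanically against a list of VPN rules. The following Python is an added example, not ZyXEL code: the record layout built by rule(), the rule names and the "Manual" key-management value are assumptions made for illustration, and the sample rules are constructed.

```python
import ipaddress
from itertools import combinations

DYNAMIC_GATEWAY = "0.0.0.0"  # remote IPSec router has a dynamic WAN IP address

def rule(name, active, gateway, key_mgmt, start, end):
    # Hypothetical record layout; the device does not export rules in this form.
    return {"name": name, "active": active, "secure_gateway": gateway,
            "key_management": key_mgmt,
            "local": (int(ipaddress.IPv4Address(start)),
                      int(ipaddress.IPv4Address(end)))}

def audit_dynamic_rules(rules):
    """Return findings for active rules whose Secure Gateway Address is 0.0.0.0."""
    findings = []
    dynamic = [r for r in rules
               if r["active"] and r["secure_gateway"] == DYNAMIC_GATEWAY]
    for r in dynamic:
        lo, hi = r["local"]
        if hi < lo:
            findings.append(f"{r['name']}: local range end precedes start")
        if r["key_management"] != "IKE":
            findings.append(f"{r['name']}: 0.0.0.0 requires Key Management = IKE")
    # Two inclusive ranges overlap when each starts no later than the other ends.
    # A rule covering the LAN's full range therefore collides with every other
    # active 0.0.0.0 rule on that LAN.
    for a, b in combinations(dynamic, 2):
        if a["local"][0] <= b["local"][1] and b["local"][0] <= a["local"][1]:
            findings.append(f"{a['name']} / {b['name']}: local IP ranges overlap")
    return findings

# Constructed sample rule set (names and addresses are illustrative).
SAMPLE_RULES = [
    rule("branch-a", True, "0.0.0.0", "IKE", "192.168.1.1", "192.168.1.100"),
    rule("branch-b", True, "0.0.0.0", "IKE", "192.168.1.50", "192.168.1.200"),
    rule("branch-c", False, "0.0.0.0", "IKE", "192.168.1.1", "192.168.1.254"),
    rule("hq", True, "203.0.113.10", "IKE", "192.168.1.1", "192.168.1.254"),
    rule("branch-d", True, "0.0.0.0", "Manual", "192.168.2.1", "192.168.2.50"),
]

if __name__ == "__main__":
    for finding in audit_dynamic_rules(SAMPLE_RULES):
        print(finding)
```

Inactive rules and rules with a fixed gateway address are skipped, because the overlap restriction in the table applies only to active rules that use 0.0.0.0.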