Chapter 18 VPN Screens

 

Table 98 VPN: Manual Key (continued)

 

LABEL

DESCRIPTION

 

My IP Address

Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be

 

 

rebuilt if this IP address changes.

 

 

The following applies if this field is configured as 0.0.0.0:

 

 

The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or

 

 

dynamic) to set up the VPN tunnel.

 

 

If the WAN connection goes down, the ZyXEL Device uses the dial backup IP

 

 

address for the VPN tunnel when using dial backup or the LAN IP address when

 

 

using traffic redirect. See Chapter 7 on page 93 for details on dial backup and

 

 

traffic redirect.

 

 

 

 

Secure Gateway

Type the WAN IP address or the URL (up to 31 characters) of the IPSec router

 

Address

with which you're making the VPN connection.

 

 

 

 

Security Protocol

 

 

 

 

 

IPSec Protocol

Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP

 

 

protocol (RFC 2406) provides encryption as well as some of the services offered

 

 

by AH. If you select ESP here, you must select options from the Encryption

 

 

Algorithm and Authentication Algorithm fields (described next).

 

Encryption

Select DES, 3DES or NULL from the drop-down list box.

 

Algorithm

When DES is used for data communications, both sender and receiver must

 

 

know the same secret key, which can be used to encrypt and decrypt the

 

 

message or to generate and verify a message authentication code. The DES

 

 

encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES

 

 

that uses a 168-bit key. As a result, 3DES is more secure than DES. It also

 

 

requires more processing power, resulting in increased latency and decreased

 

 

throughput. Select NULL to set up a tunnel without encryption. When you select

 

 

NULL, you do not enter an encryption key.

 

 

 

 

Encapsulation Key

With DES, type a unique key 8 characters long. With 3DES, type a unique key 24

 

(only with ESP)

characters long. Any characters may be used, including spaces, but trailing

 

 

spaces are truncated.

 

 

 

 

Authentication

Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and

 

Algorithm

SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet

 

 

data. The SHA1 algorithm is generally considered stronger than MD5, but is

 

 

slower. Select MD5 for minimal security and SHA-1for maximum security.

 

Authentication Key

Type a unique authentication key to be used by IPSec if applicable. Enter 16

 

 

characters for MD5 authentication or 20 characters for SHA-1authentication. Any

 

 

characters may be used, including spaces, but trailing spaces are truncated.

 

 

 

 

Back

Click Back to return to the previous screen.

 

 

 

 

Apply

Click Apply to save your changes back to the ZyXEL Device.

 

 

 

18.16 Viewing SA Monitor

Click Security, VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage active VPN connections.

A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the fields in this tab.

 

257

P-2602H(W)(L)-DxA User’s Guide