ZyWALL 5/35/70 Series User’s Guide
Table 102 VPN Rules (IKE): Network Policy Edit (continued)
LABEL | DESCRIPTION |
Starting IP Address | When the Address Type field is configured to Single Address, enter a (static) IP address on the LAN behind your ZyWALL. When the Address Type field is configured to Range Address, enter the beginning (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Address Type field is configured to Subnet Address, this is a (static) IP address on the LAN behind your ZyWALL. |
Ending IP Address/Subnet Mask | When the Address Type field is configured to Single Address, this field is N/A. When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Address Type field is configured to Subnet Address, this is a subnet mask on the LAN behind your ZyWALL. |
Local Port | 0 is the default and signifies any port. Type a port number from 0 to 65535 in the Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
Remote Network | Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
Address Type | Use the |
| Subnet Address. Select Single Address with a single IP address. Select Range Address for a specific range of IP addresses. Select Subnet Address to specify IP addresses on a network by their subnet mask. |
Starting IP Address | When the Address Type field is configured to Single Address, enter a (static) IP address on the network behind the remote IPSec router. When the Address Type field is configured to Range Address, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Address Type field is configured to Subnet Address, enter a (static) IP address on the network behind the remote IPSec router. |
Ending IP Address/Subnet Mask | When the Address Type field is configured to Single Address, this field is N/A. When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Address Type field is configured to Subnet Address, enter a subnet mask on the network behind the remote IPSec router. |
Remote Port | 0 is the default and signifies any port. Type a port number from 0 to 65535 in the Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
IPSec Proposal |
Encapsulation Mode | Select Tunnel mode or Transport mode. |
Active Protocol | Select the security protocols used for an SA. Both AH and ESP increase processing requirements and communications latency (delay). |
Encryption Algorithm | When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a |
| that uses a |
| requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a |
| 3DES. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. |
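
The Remote Network rule above (two active SAs cannot have both the local and the remote addresses the same) can be checked offline before rules are entered. The following is an added example, not ZyXEL code or part of the guide: the policy dictionaries, their names and the sample addresses are constructed, and it assumes that a Range and a Subnet covering identical addresses count as "the same".

```python
import ipaddress
from itertools import combinations

def span(addr_type, start, end=None):
    """Return (first, last) integer bounds for one side of a network policy."""
    first = ipaddress.IPv4Address(start)
    if addr_type == "Single Address":
        if end not in (None, "", "N/A"):
            raise ValueError("Ending IP Address is N/A for Single Address")
        return int(first), int(first)
    if addr_type == "Range Address":
        last = ipaddress.IPv4Address(end)
        if last < first:
            raise ValueError("range ends before it starts")
        return int(first), int(last)
    if addr_type == "Subnet Address":
        # strict=False: the start may be any static IP on the subnet
        net = ipaddress.IPv4Network(f"{start}/{end}", strict=False)
        return int(net.network_address), int(net.broadcast_address)
    raise ValueError(f"unknown Address Type: {addr_type}")

def conflicting_policies(policies):
    """Pairs of active policies whose local AND remote addresses both match."""
    keyed = [(p["name"], span(*p["local"]), span(*p["remote"]))
             for p in policies if p["active"]]
    return [(a[0], b[0]) for a, b in combinations(keyed, 2)
            if a[1] == b[1] and a[2] == b[2]]

# Constructed sample policies (hypothetical names, RFC 1918 addresses)
LAN = ("Subnet Address", "192.168.1.33", "255.255.255.0")
POLICIES = [
    {"name": "hq-branch", "active": True,
     "local": LAN, "remote": ("Single Address", "10.0.0.5", None)},
    # Same local addresses written as a range, same remote: conflict
    {"name": "hq-branch-range", "active": True,
     "local": ("Range Address", "192.168.1.0", "192.168.1.255"),
     "remote": ("Single Address", "10.0.0.5", None)},
    # Identical to hq-branch but inactive: allowed
    {"name": "hq-branch-backup", "active": False,
     "local": LAN, "remote": ("Single Address", "10.0.0.5", None)},
    # Same local, different remote: allowed
    {"name": "hq-other", "active": True,
     "local": LAN, "remote": ("Single Address", "10.0.0.6", None)},
]

if __name__ == "__main__":
    print(conflicting_policies(POLICIES))
```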
Chapter 19 VPN Screens