ZyWALL 5/35/70 Series User’s Guide

Table 19 VPN Wizard: VPN Status (continued)

LABEL

DESCRIPTION

 

 

Name

This is the name of this VPN network policy.

 

 

Network Policy

 

Setting

 

Local Network

 

 

 

Starting IP Address

This is a (static) IP address on the LAN behind your ZyWALL.

 

 

Ending IP Address/

When the local network is configured for a single IP address, this field is N/A.

Subnet Mask

When the local network is configured for a range IP address, this is the end

 

(static) IP address, in a range of computers on the LAN behind your ZyWALL.

 

When the local network is configured for a subnet, this is a subnet mask on the

 

LAN behind your ZyWALL.

Remote Network

 

 

 

Starting IP Address

This is a (static) IP address on the network behind the remote IPSec router.

 

 

Ending IP Address/

When the remote network is configured for a single IP address, this field is N/A.

Subnet Mask

When the remote network is configured for a range IP address, this is the end

 

(static) IP address, in a range of computers on the network behind the remote

 

IPSec router. When the remote network is configured for a subnet, this is a

 

subnet mask on the network behind the remote IPSec router.

IKE Tunnel Setting

 

(IKE Phase 1)

 

Negotiation Mode

This shows Main Mode or Aggressive Mode. Multiple SAs connecting through

 

a secure gateway must have the same negotiation mode.

Encryption Algorithm

This is the method of data encryption. Options can be DES, 3DES or AES.

 

 

Authentication

MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash

Algorithm

algorithms used to authenticate packet data.

Key Group

This is the key group you chose for phase 1 IKE setup.

 

 

SA Life Time

This is the length of time before an IKE SA automatically renegotiates.

(Seconds)

 

Pre-Shared Key

This is a pre-shared key identifying a communicating party during a phase 1 IKE

 

negotiation.

IPSec Setting (IKE

 

Phase 2)

 

Encapsulation Mode

This shows Tunnel mode or Transport mode.

 

 

IPSec Protocol

ESP or AH are the security protocols used for an SA.

 

 

Encryption Algorithm

This is the method of data encryption. Options can be DES, 3DES, AES or

 

NULL.

Authentication

MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash

Algorithm

algorithms used to authenticate packet data.

SA Life Time

This is the length of time before an IKE SA automatically renegotiates.

(Seconds)

 

Perfect Forward

Perfect Forward Secret (PFS) is disabled (None) by default in phase 2 IPSec SA

Secret (PFS)

setup. Otherwise, DH1 or DH2 are selected to enable PFS.

Back

Click Back to return to the previous screen.

 

 

Finish

Click Finish to complete and save the wizard setup.

 

 

97

Chapter 3 Wizard Setup