ZyWALL 2 Series User’s Guide

Table 14-1 AH and ESP

| ESP | AH |
|---|---|
| DES (default): Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. | MD5 (default): MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data. |
| 3DES: Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys (3 x 56 = 168 bits), effectively doubling the strength of DES. | SHA1: SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data. |
| AES: Advanced Encryption Standard is a newer method of data encryption that also uses a secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES. | |
| Select DES for minimal security and 3DES or AES for maximum. Select NULL to set up a tunnel without encryption. | Select MD5 for minimal security and SHA-1 for maximum security. |
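The MD5 and SHA1 entries of Table 14-1, as an added example that is not part of the ZyXEL guide: it shows how a keyed digest authenticates packet data and rejects a modified packet or a wrong key. It assumes the standard IPsec transforms HMAC-MD5-96 and HMAC-SHA-1-96 (RFC 2403 and RFC 2404), which truncate the digest to a 96-bit integrity check value; the guide names only MD5 and SHA1, and the packet bytes and keys are constructed samples.

```python
import hashlib
import hmac

# Standard IPsec integrity transforms (RFC 2403 / RFC 2404). That the device
# uses exactly these is an assumption; the guide only names MD5 and SHA1.
TRANSFORMS = {
    "MD5": (hashlib.md5, 16),    # 128-bit digest, 128-bit key
    "SHA1": (hashlib.sha1, 20),  # 160-bit digest, 160-bit key
}
ICV_LEN = 12  # both transforms keep only the first 96 bits of the HMAC output


def compute_icv(algorithm: str, key: bytes, data: bytes) -> bytes:
    """Return the 96-bit integrity check value over the authenticated bytes."""
    digestmod, key_len = TRANSFORMS[algorithm]
    if len(key) != key_len:
        raise ValueError(f"{algorithm} needs a {key_len}-byte key")
    return hmac.new(key, data, digestmod).digest()[:ICV_LEN]


def verify_icv(algorithm: str, key: bytes, data: bytes, icv: bytes) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(compute_icv(algorithm, key, data), icv)


def demo() -> dict:
    # Constructed sample: a stand-in for the bytes the sender authenticates
    # (a real AH/ESP ICV covers specific header fields as well as the payload).
    packet = bytes.fromhex("000003e800000001") + b"constructed payload"
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])  # one flipped bit
    results = {}
    for name, (digestmod, key_len) in TRANSFORMS.items():
        key = bytes(range(key_len))  # constructed key, not for real use
        icv = compute_icv(name, key, packet)
        results[name] = {
            "digest_bits": digestmod().digest_size * 8,
            "icv_bits": len(icv) * 8,
            "accepts_original": verify_icv(name, key, packet, icv),
            "accepts_tampered": verify_icv(name, key, tampered, icv),
            "accepts_wrong_key": verify_icv(name, bytes(key_len), packet, icv),
        }
    return results


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```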

 

 

 

14.3 My IP Address

My IP Address is the WAN IP address of the ZyWALL. The ZyWALL has to rebuild the VPN tunnel if the My IP Address changes after setup.

The following applies if this field is configured as 0.0.0.0:

The ZyWALL uses the current ZyWALL WAN IP address (static or dynamic) to set up the VPN tunnel.

If the WAN connection goes down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect.

14.4 Secure Gateway Address

Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway).

If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Address field. You may alternatively enter the remote secure gateway’s domain name (if it has one) in the Secure Gateway Address field.


VPN Screens