ZyWALL 2 Series User’s Guide

 

Table 14-9 VPN Manual Setup

 

 

LABEL

DESCRIPTION

 

 

Secure Gateway

Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with

Addr

which you're making the VPN connection.

 

 

SPI

Type a unique SPI (Security Parameter Index) from one to four characters long. Valid

 

Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".

 

 

Encapsulation

Select Tunnel mode or Transport mode from the drop-down list box.

Mode

 

 

 

ESP

Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP

 

protocol (RFC 2406) provides encryption as well as some of the services offered by

 

AH. If you select ESP here, you must select options from the Encryption Algorithm

 

and Authentication Algorithm fields (described next).

Encryption

Select DES, 3DES or NULL from the drop-down list box.

Algorithm

When DES is used for data communications, both sender and receiver must know

 

 

the Encryption Key, which can be used to encrypt and decrypt the message or to

 

generate and verify a message authentication code. The DES encryption algorithm

 

uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key.

 

As a result, 3DES is more secure than DES. It also requires more processing power,

 

resulting in increased latency and decreased throughput. Select NULL to set up a

 

tunnel without encryption. When you select NULL, you do not enter an encryption

 

key.

 

 

Authentication

Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and

Algorithm

SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet

 

data. The SHA1 algorithm is generally considered stronger than MD5, but is slower.

 

Select MD5 for minimal security and SHA-1for maximum security.

AH

Select AH if you want to use AH (Authentication Header Protocol). The AH protocol

 

(RFC 2402) was designed for integrity, authentication, sequence integrity (replay

 

resistance), and non-repudiation but not for confidentiality, for which the ESP was

 

designed. If you select AH here, you must select options from the Authentication

 

Algorithm field (described next).

Authentication

Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and

Algorithm

SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet

 

data. The SHA1 algorithm is generally considered stronger than MD5, but is slower.

 

Select MD5 for minimal security and SHA-1for maximum security.

Encryption Key

With DES, type a unique key 8 characters long. With 3DES, type a unique key 24

(Only with ESP)

characters long. Any characters may be used, including spaces, but trailing spaces

 

are truncated.

 

 

14-32

VPN Screens