Chapter 4 Wizard Setup

Figure 39 VPN Advanced Wizard: Step 3

The following table describes the labels in this screen.

Table 19 VPN Advanced Wizard: Step 3

LABEL

DESCRIPTION

Negotiation Mode

Select Main for identity protection. Select Aggressive to allow more incoming

 

connections from dynamic IP addresses to use separate passwords.

 

Note: Multiple SAs (security associations) connecting through a

 

secure gateway must have the same negotiation mode.

 

 

Encryption

When DES is used for data communications, both sender and receiver must

Algorithm

know the same secret key, which can be used to encrypt and decrypt the

 

message or to generate and verify a message authentication code. The DES

 

encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES

 

that uses a 168-bit key. As a result, 3DES is more secure than DES. It also

 

requires more processing power, resulting in increased latency and decreased

 

throughput. AES128 uses a 128-bit key and is faster than 3DES. AES192 uses

 

a 192-bit key and AES256 uses a 256-bit key. Select Null to have no

 

encryption.

 

 

Authentication

MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash

Algorithm

algorithms used to authenticate packet data. The SHA1 algorithm is generally

 

considered stronger than MD5, but is slower. Select MD5 for minimal security

 

and SHA1 for maximum security.

Key Group

You must choose a key group for phase 1 IKE setup. DH1 (default) refers to

 

Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman

 

Group 2 a 1024 bit (1Kb) random number. DH5 refers to Diffie-Hellman Group 5

 

a 1536 bit random number.

104

 

ZyWALL USG 300 User’s Guide