ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

Page 509

background image

ZyWALL 2 Series User’s Guide

VPN/IPSec Setup

37-3

Table 37-1 Menu 27.1: IPSec Summary

FIELD DESCRIPTION EXAMPLE

Name

This field displays the unique identification name for this VPN rule. The
name may be up to 32 characters long but only 10 characters will be
displayed here.

Taiwan

A

Y signifies that this VPN rule is active.

Y

Local Addr
Start

When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to
Single, this is a static IP address on the LAN behind your ZyWALL.

When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to
Range, this is the beginning (static) IP address, in a range of computers
on the LAN behind your ZyWALL.

When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to
SUBNET, this is a static IP address on the LAN behind your ZyWALL.

192.168.1.35

Addr End /
Mask

When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to
Single, this is the same (static) IP address as in the Local Addr Start
field.
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to
Range, this is the end (static) IP address, in a range of computers on the
LAN behind your ZyWALL.
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to
SUBNET, this is a subnet mask on the LAN behind your ZyWALL.

192.168.1.38

Encap

This field displays Tunnel mode or Transport mode. See earlier for a
discussion of these. You need to finish configuring the VPN policy in menu
27.1.1.1 or 27.1.1.2 if ??? is displayed.

Tunnel

IPSec
Algorithm

This field displays the security protocols used for an SA. ESP provides
confidentiality and integrity of data by encrypting the data and
encapsulating it into IP packets. Encryption methods include 56-bit DES,
168-bit 3DES and 128-bit AES. NULL denotes a tunnel without
encryption.

AH (Authentication Header) provides strong integrity and authentication
by adding authentication information to IP packets. This authentication
information is calculated using header and payload data in the IP packet.
This provides an additional level of security. AH choices are MD5 (default
- 128 bits) and SHA -1(160 bits).

Both AH and ESP increase the ZyWALL’s processing requirements and
communications latency (delay).

You need to finish configuring the VPN policy in menu 27.1.1.1 or 27.1.1.2
if ??? is displayed.

ESP DES MD5

See also other documents in the category ZyXEL Communications Hardware: