5 configuring manual key – ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H User Manual
Page 173

P-793H User’s Guide
Chapter 11 IPSec VPN
11.5 Configuring Manual Key
Configure VPN Manual Key only if you selected Manual in the IPSec Key Mode field
on the VPN IKE screen. The VPN Manual Key screen is shown next.
Table 52 VPN > Setup > Edit > Advanced (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| SA Life Time (Seconds) | Enter the length of time before the ZyXEL Device automatically renegotiates the IPSec SA. It may range from 60 to 3,000,000 seconds (almost 35 days). A low value increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the IPSec SA is renegotiated, all users accessing remote resources are temporarily disconnected. |
| Encapsulation | Select the encapsulation. Select Tunnel, unless the remote IPSec router only supports Transport. The ZyXEL Device and remote IPSec router must use the same encapsulation. |
| Perfect Forward Secrecy (PFS) | Select whether or not you want to enable Perfect Forward Secrecy (PFS) and, if so, which DH key group you want to use for the DH key exchange. The longer the key group, the stronger the encryption, but also the more processing is required. NONE disables PFS. This allows faster setup, but it is not as secure. DH1 enables PFS and uses Diffie-Hellman Group 1, a 768-bit random number. DH2 enables PFS and uses Diffie-Hellman Group 2, a 1024-bit random number. |
| Apply | Click Apply to save your changes back to the ZyXEL Device and return to the VPN-IKE screen. |
| Cancel | Click Cancel to return to the previous screen without saving your changes. |
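
What the PFS setting changes, shown with the IKEv1 Quick Mode key derivation from RFC 2409 (an added example, not ZyXEL's code). It assumes the device follows that RFC and uses HMAC-SHA1 as the prf; the function names, keys, nonces and exponent sizes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Oakley Group 2 (the table's DH2): 1024-bit MODP prime from RFC 2409, generator 2.
P_DH2 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1, standing in for the negotiated IKE prf (assumption)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def keymat(skeyid_d, proto, spi, ni, nr, dh_secret=b""):
    """RFC 2409 sec. 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, dh_secret + bytes([proto]) + spi + ni + nr)

def quick_mode(skeyid_d, pfs):
    """Simulate one IPSec SA negotiation; return (fields exchanged, real KEYMAT)."""
    spi, ni, nr = secrets.token_bytes(4), secrets.token_bytes(16), secrets.token_bytes(16)
    recorded = {"proto": 3, "spi": spi, "ni": ni, "nr": nr}  # 3 = ESP protocol ID
    dh_secret = b""
    if pfs:
        x, y = secrets.randbits(256) | 1, secrets.randbits(256) | 1  # ephemeral exponents
        gx, gy = pow(G, x, P_DH2), pow(G, y, P_DH2)
        assert pow(gy, x, P_DH2) == pow(gx, y, P_DH2)  # both gateways reach the same secret
        recorded.update(ke_i=gx, ke_r=gy)  # only the public values cross the wire
        dh_secret = pow(gy, x, P_DH2).to_bytes(128, "big")
    return recorded, keymat(skeyid_d, 3, spi, ni, nr, dh_secret)

def recompute_from_capture(skeyid_d, recorded):
    """Rebuild KEYMAT from a leaked Phase 1 secret plus the exchanged fields alone."""
    return keymat(skeyid_d, recorded["proto"], recorded["spi"], recorded["ni"], recorded["nr"])

def demo():
    skeyid_d = secrets.token_bytes(20)  # constructed Phase 1 secret
    results = {}
    for label, pfs in (("NONE", False), ("DH2", True)):
        recorded, real = quick_mode(skeyid_d, pfs)
        results[label] = recompute_from_capture(skeyid_d, recorded) == real
    return results

if __name__ == "__main__":
    print(demo())
```

With NONE, every IPSec SA key is a function of the Phase 1 secret and exchanged values, so one leaked Phase 1 secret exposes all of them. With DH1 or DH2, each SA also depends on an ephemeral secret that is discarded after the exchange.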