
ZyWALL 5/35/70 Series User’s Guide

340

Chapter 18 IPSec VPN

18.6 IPSec SA Overview

Once the ZyWALL and remote IPSec router have established the IKE SA, they can securely
negotiate an IPSec SA through which to send data between computers on the networks.

Note: The IPSec SA stays connected even if the underlying IKE SA is not available anymore.

This section introduces the key components of an IPSec SA.

18.6.0.1 Local Network and Remote Network

In an IPSec SA, the local network, the one(s) connected to the ZyWALL, may be called the local
policy. Similarly, the remote network, the one(s) connected to the remote IPSec router, may be
called the remote policy.

18.6.0.2 Active Protocol

The active protocol controls the format of each packet. It also specifies how much of each
packet is protected by the encryption and authentication algorithms. IPSec VPN includes two
active protocols, AH (Authentication Header, RFC 2402) and ESP (Encapsulating Security
Payload, RFC 2406).

Note: The ZyWALL and remote IPSec router must use the same active protocol.

Table 95 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy (continued)

| LABEL | DESCRIPTION |
|---|---|
| Enable Multiple Proposals | Select this to allow the ZyWALL to use any of its phase 1 key groups and encryption and authentication algorithms when negotiating an IKE SA. When you enable multiple proposals, the ZyWALL allows the remote IPSec router to select which phase 1 key groups and encryption and authentication algorithms to use for the IKE SA, even if they are less secure than the ones you configure for the VPN rule. Clear this to have the ZyWALL use only the configured phase 1 key groups and encryption and authentication algorithms when negotiating an IKE SA. |
| Associated Network Policies | The following table shows the policy(ies) you configure for this rule. To add a VPN policy, click the add network policy icon in the VPN Rules (IKE) screen (see Figure 172 on page 326). Refer to Section 18.7 on page 342 for more information. |
| # | This field displays the policy index number. |
| Name | This field displays the policy name. |
| Local Network | This field displays one or a range of IP address(es) of the computer(s) behind the ZyWALL. |
| Remote Network | This field displays one or a range of IP address(es) of the remote network behind the remote IPSec router. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Cancel | Click Cancel to exit this screen without saving. |
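The Enable Multiple Proposals row above describes a downgrade risk: with the option enabled, the remote IPSec router chooses the phase 1 algorithms, and it may pick weaker ones than the rule configures. The following model, added here and not ZyXEL's code, simulates that negotiation for both settings; the algorithm names, their strength ranking and the sample remote offer are constructed assumptions, not values taken from the manual.

```python
# Added illustration of the "Enable Multiple Proposals" caveat in Table 95, not
# ZyXEL code; algorithm names, their ranking and the sample offer are assumptions.
from dataclasses import dataclass
from typing import List, Optional, Set

# Assumed strength rankings (higher is stronger); not taken from the manual.
ENC_RANK = {"DES": 0, "3DES": 1, "AES": 2}
AUTH_RANK = {"MD5": 0, "SHA1": 1}
KEY_GROUP_RANK = {"DH1": 0, "DH2": 1}  # phase 1 key groups

@dataclass(frozen=True)
class Proposal:
    encryption: str
    authentication: str
    key_group: str

    def weaker_than(self, other: "Proposal") -> bool:
        """True if any component ranks below the corresponding one in other."""
        return (ENC_RANK[self.encryption] < ENC_RANK[other.encryption]
                or AUTH_RANK[self.authentication] < AUTH_RANK[other.authentication]
                or KEY_GROUP_RANK[self.key_group] < KEY_GROUP_RANK[other.key_group])

def acceptable_proposals(configured: Proposal, multiple: bool) -> Set[Proposal]:
    """Phase 1 proposals the ZyWALL accepts for the IKE SA under this setting."""
    if not multiple:
        return {configured}  # cleared: only the configured combination is used
    # enabled: any supported key group and algorithm combination is allowed
    return {Proposal(e, a, k) for e in ENC_RANK for a in AUTH_RANK for k in KEY_GROUP_RANK}

def negotiate(configured: Proposal, multiple: bool,
              remote_offer: List[Proposal]) -> Optional[Proposal]:
    """The remote router picks: the first proposal it offers that the ZyWALL accepts."""
    accepted = acceptable_proposals(configured, multiple)
    return next((p for p in remote_offer if p in accepted), None)

def downgraded(configured: Proposal, multiple: bool,
               remote_offer: List[Proposal]) -> Optional[bool]:
    """None if no IKE SA forms, else whether the result is weaker than configured."""
    chosen = negotiate(configured, multiple, remote_offer)
    return None if chosen is None else chosen.weaker_than(configured)

# Constructed sample: rule configured for 3DES/SHA1/DH2; the remote offers a
# weak proposal ahead of the matching one.
CONFIGURED = Proposal("3DES", "SHA1", "DH2")
REMOTE_OFFER = [Proposal("DES", "MD5", "DH1"), Proposal("3DES", "SHA1", "DH2")]

if __name__ == "__main__":
    for multiple in (True, False):
        print(multiple, negotiate(CONFIGURED, multiple, REMOTE_OFFER),
              downgraded(CONFIGURED, multiple, REMOTE_OFFER))
```

With the option enabled the sample negotiation lands on DES/MD5/DH1 and is flagged as a downgrade; with it cleared, only the configured 3DES/SHA1/DH2 is accepted, and a peer offering nothing stronger than DES fails to form an IKE SA at all.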