Figure 532 routing command example – ZyXEL Communications 5 Series User Manual

ZyWALL 5/35/70 Series User’s Guide

Appendix K Command Interpreter

Setting the Key Length for Phase 2 IPSec AES Encryption

By default, the ZyWALL uses a 128-bit AES encryption key for phase 2 IPSec tunnels. Use
this command to edit an existing VPN rule so that it uses a longer AES encryption key.

See the following example. Suppose VPN rule 1 uses AES for the phase 2
encryption and you want it to use 192-bit encryption.

• Use the first line to start editing the VPN rule.

• The second line sets VPN rule 1 to use 192-bit AES for the phase 2 encryption.

• The third line displays the results.

Figure 532 Routing Command Example

Syntax:

ipsec ipsecConfig encryKeyLen <0:128 | 1:192 | 2:256>

ras> ipsec ipsecEdit 1
ras> ipsec ipsecConfig encryKeyLen 1
ras> ipsec ipsecDisplay
---------- IPSec Setup ----------
Index #= 1 Active= No Multi Pro = No Protocol= 0 Global SW= 0xA
Bound IKE 9999 NailUp = No Netbios = No Name= test
ControlPing = No LogControlPing = No Control ping address = 0.0.0.0
Local: Addr Type= SINGLE Port Start= 0 End= N/A
IP Addr Start= 0.0.0.0 Mask= N/A
Remote: Addr Type= SINGLE Port Start= 0 End= N/A
IP Addr Start= 0.0.0.0 Mask= N/A
Enable Replay Detection= No Key Management= IKE
Phase 2 - Active Protocol= ESP
Encryption Algorithm= AES Authentication Algorithm= SHA1
Encryption Key Length = 192
SA Life Time (Seconds)= 28800
Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= None
ras>
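The third step, checking the displayed result, can be automated when auditing saved CLI output from several rules. The following Python sketch is an added example, not part of the ZyXEL manual: the function names, the `required_bits` policy value and the sample text are assumptions of this example, while the field labels and commands are the ones shown above.

```python
import re

# Constructed sample: `ipsec ipsecDisplay` output in the layout of Figure 532,
# for a rule that is still at the default 128-bit phase 2 AES key.
SAMPLE_DISPLAY = """\
Index #= 1 Active= No Multi Pro = No Protocol= 0 Global SW= 0xA
Enable Replay Detection= No Key Management= IKE
Phase 2 - Active Protocol= ESP
Encryption Algorithm= AES Authentication Algorithm= SHA1
Encryption Key Length = 128
SA Life Time (Seconds)= 28800
Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= None
"""

# Argument values from the manual's syntax line: <0:128 | 1:192 | 2:256>
KEYLEN_ARG = {128: 0, 192: 1, 256: 2}

def field(display, label):
    """Return the single-token value printed after 'label =', or None."""
    m = re.search(re.escape(label) + r"\s*=\s*(\S+)", display)
    return m.group(1) if m else None

def audit_phase2_keylen(display, required_bits=256):
    """Return (compliant, message, fix_commands) for one displayed rule."""
    # required_bits is this example's policy input, not a value from the manual.
    if required_bits not in KEYLEN_ARG:
        raise ValueError("required_bits must be 128, 192 or 256")
    index = field(display, "Index #")
    algo = field(display, "Encryption Algorithm")
    if index is None or algo is None:
        return False, "could not parse rule index or algorithm", []
    if algo != "AES":
        # encryKeyLen only selects an AES key size, so no fix is proposed here.
        return False, f"rule {index}: phase 2 uses {algo}, not AES", []
    bits = field(display, "Encryption Key Length")
    fix = [f"ipsec ipsecEdit {index}",
           f"ipsec ipsecConfig encryKeyLen {KEYLEN_ARG[required_bits]}",
           "ipsec ipsecDisplay"]
    if bits is None or not bits.isdigit():
        return False, f"rule {index}: key length not shown", fix
    if int(bits) < required_bits:
        return False, f"rule {index}: AES-{bits} is below AES-{required_bits}", fix
    return True, f"rule {index}: AES-{bits} meets AES-{required_bits}", []

if __name__ == "__main__":
    ok, msg, cmds = audit_phase2_keylen(SAMPLE_DISPLAY, required_bits=192)
    print(msg)
    print("\n".join(cmds))
```

For a non-compliant rule the returned command list is the same three-line sequence as in Figure 532, with the rule index and key length argument filled in.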