beautypg.com

ZyXEL Communications ZyXEL ZyAIR 100 User Manual

Page 220

background image

ZyWALL 10~100 Series Internet Security Gateway

15-14

VPN

Screens

Table 15-7 VPN IKE

LABEL DESCRIPTION

Content

When you select IP in the Peer ID Type field, type the IP address of the computer
with which you will make the VPN connection in the peer Content field. The ZyWALL
automatically uses the address in the Secure Gateway Addr field (refer to the
Secure Gateway Addr field description) if you configure the peer Content field to
0.0.0.0 or leave it blank.

It is recommended that you type an IP address other than 0.0.0.0 in the peer
Content field or use the DNS or E-mail ID type in the following situations.

When there is a NAT router between the two IPSec routers.

When you want the ZyWALL to distinguish between VPN connection
requests that come in from remote IPSec routers with dynamic WAN IP
addresses.

When you select DNS or E-mail in the Peer ID Type field, type a domain name or e-
mail address by which to identify the remote IPSec router in the peer Content field.
Use up to 31 ASCII characters including spaces, although trailing spaces are
truncated. The domain name or e-mail address is for identification purposes only and
can be any string.

Secure Gateway
Addr.

Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with
which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec
router has a dynamic WAN IP address (the Key Management field must be set to
IKE).

Encapsulation
Mode

Select Tunnel mode or Transport mode from the drop-down list box.

ESP

Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP
protocol (RFC 2406) provides encryption as well as some of the services offered by
AH. If you select ESP here, you must select options from the Encryption Algorithm
and Authentication Algorithm fields (described below).

Encryption
Algorithm

Select DES, 3DES or NULL from the drop-down list box.

When DES is used for data communications, both sender and receiver must know
the same secret key, which can be used to encrypt and decrypt the message or to
generate and verify a message authentication code. The DES encryption algorithm
uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key.
As a result, 3DES is more secure than DES. It also requires more processing power,
resulting in increased latency and decreased throughput. Select NULL to set up a
tunnel without encryption. When you select NULL, you do not enter an encryption
key.

See also other documents in the category ZyXEL Communications Hardware: