Viewing SA Monitor – ZyXEL Communications ZyXEL ZyAIR 100 User Manual

ZyWALL 10~100 Series Internet Security Gateway

VPN Screens

Table 15-9 VPN Manual Setup

| LABEL | DESCRIPTION |
|---|---|
| AH | Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field (described next). |
| Authentication Algorithm | Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. |
| Encryption Key (Only with ESP) | With DES, type a unique key 8 characters long. With 3DES, type a unique key 24 characters long. Any characters may be used, including spaces, but trailing spaces are truncated. |
| Authentication Key | Type a unique authentication key to be used by IPSec if applicable. Enter 16 characters for MD5 authentication or 20 characters for SHA-1 authentication. Any characters may be used, including spaces, but trailing spaces are truncated. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to begin configuring this screen afresh. |
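The key-length and trailing-space rules in Table 15-9 can be checked before the keys are typed into both peers. The following is an added example, not part of the manual or of any ZyXEL software; the dictionary field names and the sample keys are hypothetical, and it assumes that with ESP the authentication key is checked only when an authentication algorithm is set.

```python
# Added example: key lengths come from Table 15-9; field names are hypothetical.
ENC_KEY_LEN = {"DES": 8, "3DES": 24}     # Encryption Key (only with ESP)
AUTH_KEY_LEN = {"MD5": 16, "SHA1": 20}   # Authentication Key


def effective_key(typed):
    """Key as kept by the device: trailing spaces are truncated."""
    return typed.rstrip(" ")


def _check_key(name, typed, want):
    kept, out = effective_key(typed), []
    if kept != typed:
        out.append(f"{name}: trailing spaces dropped ({len(typed)} typed, {len(kept)} kept)")
    if len(kept) != want:
        out.append(f"{name}: need {want} characters, have {len(kept)}")
    return out


def check_manual_sa(cfg):
    """Return a list of problems; an empty list means the settings are consistent."""
    proto = cfg.get("protocol")
    if proto not in ("AH", "ESP"):
        return [f"protocol: expected AH or ESP, got {proto!r}"]
    problems = []
    auth_alg, enc_alg = cfg.get("auth_alg"), cfg.get("enc_alg")
    if proto == "AH":
        if enc_alg or cfg.get("enc_key"):
            problems.append("encryption settings apply only with ESP")
        if auth_alg not in AUTH_KEY_LEN:
            problems.append("AH requires an authentication algorithm (MD5 or SHA1)")
    elif enc_alg not in ENC_KEY_LEN:
        problems.append("encryption algorithm: the table lists key lengths only for DES and 3DES")
    else:
        problems += _check_key("encryption key", cfg.get("enc_key", ""), ENC_KEY_LEN[enc_alg])
    # Assumption: with ESP, the authentication key is checked only when an algorithm is set.
    if auth_alg in AUTH_KEY_LEN:
        problems += _check_key("authentication key", cfg.get("auth_key", ""), AUTH_KEY_LEN[auth_alg])
    return problems


# Constructed sample settings (not real keys).
GOOD_AH = {"protocol": "AH", "auth_alg": "SHA1", "auth_key": "constructed-key-0001"}
BAD_ESP = {"protocol": "ESP", "enc_alg": "3DES", "enc_key": "x" * 22 + "  ",
           "auth_alg": "MD5", "auth_key": "0123456789abcdef"}

if __name__ == "__main__":
    for label, cfg in (("GOOD_AH", GOOD_AH), ("BAD_ESP", BAD_ESP)):
        print(label, check_manual_sa(cfg) or "ok")
```

In the second sample the 3DES key is 24 characters as typed but only 22 once the trailing spaces are truncated, so it no longer meets the length the table requires.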

15.15 Viewing SA Monitor

In the web configurator, click VPN and the SA Monitor tab. Use this screen to display and manage active
VPN connections.

A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen
displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only.
The following table describes the fields in this tab.

When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not time out until the SA lifetime period expires. See section 15.6 on keep alive to have the ZyWALL renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.