ZyXEL Communications ZyXEL ZyWALL 2WG User Manual

Chapter 14 IPSec VPN

Table 85 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy (continued)

LABEL

DESCRIPTION

Starting IP Address

When the Address Type field is configured to Single Address, enter a (static) IP address on the LAN behind your ZyWALL. When the Address Type field is configured to Range Address, enter the beginning (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Address Type field is configured to Subnet Address, this is a (static) IP address on the LAN behind your ZyWALL.

Ending IP Address/Subnet Mask

When the Address Type field is configured to Single Address, this field is N/A. When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Address Type field is configured to Subnet Address, this is a subnet mask on the LAN behind your ZyWALL.

Local Port

0 is the default and signifies any port. Type a port number from 0 to 65535 in the Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.

Remote Network

Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses.

Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.

Address Type

Use the drop-down list box to choose Single Address, Range Address, or Subnet Address. Select Single Address with a single IP address. Select Range Address for a specific range of IP addresses. Select Subnet Address to specify IP addresses on a network by their subnet mask.

Starting IP Address

When the Address Type field is configured to Single Address, enter a (static) IP address on the network behind the remote IPSec router. When the Address Type field is configured to Range Address, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Address Type field is configured to Subnet Address, enter a (static) IP address on the network behind the remote IPSec router.

Ending IP Address/Subnet Mask

When the Address Type field is configured to Single Address, this field is N/A. When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Address Type field is configured to Subnet Address, enter a subnet mask on the network behind the remote IPSec router.

Remote Port

0 is the default and signifies any port. Type a port number from 0 to 65535 in the Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.

IPSec Proposal

Encapsulation Mode

Select Tunnel mode or Transport mode.

Active Protocol

Select the security protocols used for an SA. Both AH and ESP increase processing requirements and communications latency (delay).

Encryption Algorithm

Select which key size and encryption algorithm to use in the IKE SA. Choices are:
NULL - no encryption key or algorithm
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
AES - a 128-bit key with the AES encryption algorithm
The ZyWALL and the remote IPSec router must use the same algorithms and keys. Longer keys require more processing power, resulting in increased latency and decreased throughput.
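
The Remote Network rule (two active SAs may share the local or the remote addresses, but not both) can be checked offline before a policy is activated. The Python below is an added example, not ZyXEL code: the policy dictionaries and function names are hypothetical, and treating two selectors as "the same" when they cover identical addresses (for instance a subnet and the equivalent range) is an assumption about how the rule is evaluated.

```python
import ipaddress
from itertools import combinations

def selector(addr_type, start, end_or_mask=None):
    """Turn Address Type + Starting IP + Ending IP/Subnet Mask into (first, last)."""
    if addr_type == "Single Address":          # Ending IP/Subnet Mask is N/A
        ip = int(ipaddress.IPv4Address(start))
        return (ip, ip)
    if addr_type == "Range Address":
        lo = int(ipaddress.IPv4Address(start))
        hi = int(ipaddress.IPv4Address(end_or_mask))
        if lo > hi:
            raise ValueError(f"range start {start} is above end {end_or_mask}")
        return (lo, hi)
    if addr_type == "Subnet Address":
        # strict=False: the starting address may be any host inside the subnet
        net = ipaddress.IPv4Network(f"{start}/{end_or_mask}", strict=False)
        return (int(net.network_address), int(net.broadcast_address))
    raise ValueError(f"unknown Address Type: {addr_type}")

def conflicting_sas(policies):
    """Name pairs of ACTIVE policies whose local AND remote selectors both match."""
    active = [(p["name"], selector(*p["local"]), selector(*p["remote"]))
              for p in policies if p["active"]]
    return [(a[0], b[0]) for a, b in combinations(active, 2)
            if a[1] == b[1] and a[2] == b[2]]

# Constructed sample policies; names and addresses are made up for illustration.
LAN = ("Subnet Address", "192.168.1.1", "255.255.255.0")
SITE_A = ("Subnet Address", "10.0.0.0", "255.255.255.0")
POLICIES = [
    {"name": "branch-a", "active": True, "local": LAN, "remote": SITE_A},
    # Same addresses as branch-a, written as a range: conflicts while both are active.
    {"name": "branch-a-dup", "active": True,
     "local": ("Range Address", "192.168.1.0", "192.168.1.255"), "remote": SITE_A},
    # Same local network but a different remote address: allowed.
    {"name": "branch-b", "active": True, "local": LAN,
     "remote": ("Single Address", "10.0.1.5")},
    # Identical to branch-a but inactive: allowed until it is switched on.
    {"name": "branch-a-standby", "active": False, "local": LAN, "remote": SITE_A},
]

if __name__ == "__main__":
    for first, second in conflicting_sas(POLICIES):
        print(f"conflict: {first} and {second} share local and remote addresses")
```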