ZyXEL Communications 650 Series User Manual
Page 184
Prestige 650 Series User’s Guide
16-12
VPN
Screens
Table 16-7 VPN IKE
LABEL
DESCRIPTION
Content When you select IP in the Peer ID Type field, type the IP address of the computer
with which you will make the VPN connection or leave the field blank to have the
Prestige automatically use the address in the Secure Gateway Address field.
When you select DNS in the Peer ID Type field, type a domain name (up to 31
characters) by which to identify the remote IPSec router.
When you select E-mail in the Peer ID Type field, type an e-mail address (up to 31
characters) by which to identify the remote IPSec router.
The domain name or e-mail address that you use in the Content field is used for
identification purposes only and does not need to be a real domain name or e-mail
address. The domain name also does not have to match the remote router's IP
address or what you configure in the Secure Gateway Address field.
Secure Gateway
Address
Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with
which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec
router has a dynamic WAN IP address (the IPSec Key Mode field must be set to
IKE).
Security Protocol
VPN Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP
protocol (RFC 2406) provides encryption as well as some of the services offered by
AH. If you select ESP here, you must select options from the VPN Setup and
Authentication Algorithm fields (described next).
Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating
party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to
share it with another party before you can communicate with them over a secure
connection. Multiple SAs connecting through a secure gateway must have the same
pre-shared key.
Encryption
Algorithm
Select DES, 3DES or NULL from the drop-down list box.
When DES is used for data communications, both sender and receiver must know
the same secret key, which can be used to encrypt and decrypt the message or to
generate and verify a message authentication code. The DES encryption algorithm
uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key.
As a result, 3DES is more secure than DES. It also requires more processing power,
resulting in increased latency and decreased throughput. Select NULL to set up a
tunnel without encryption. When you select NULL, you do not enter an encryption
key.