ZyXEL Communications 2WE Network Card User Manual


 
ZyWALL 2 and ZyWALL 2WE
27-18 VPN/IPSec Setup
Table 27-8 Advanced IKE VPN Rule Setup
LABEL DESCRIPTION
Secure Gateway Address
Type the WAN IP address or the URL (up to 31 characters) of the remote secure
gateway with which you're making the VPN connection. Set this field to 0.0.0.0 if the
remote secure gateway has a dynamic WAN IP address (the Key Management field
must be set to IKE).
Peer ID Type
Select IP to identify the remote IPSec router by its IP address.
Select DNS to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.
Peer Content
When you select IP in the Peer ID Type field, type the IP address of the computer with
which you will make the VPN connection or leave the field blank to have the ZyWALL
automatically use the address in the Secure Gateway field.
When you select DNS in the Peer ID Type field, type a domain name (up to 31
characters) by which to identify the remote IPSec router.
When you select E-mail in the Peer ID Type field, type an e-mail address (up to 31
characters) by which to identify the remote IPSec router.
The domain name or e-mail address that you use in the Content field is used for
identification purposes only and does not need to be a real domain name or e-mail
address. The domain name also does not have to match the remote router's IP address
or what you configure in the Secure Gateway Addr field below.
IKE Phase 1
A phase 1 exchange establishes an IKE SA (Security Association).
Negotiation Mode
Select Main or Aggressive from the drop-down list box. The ZyWALL's negotiation
mode should be identical to that on the remote secure gateway.
Encryption Algorithm
Select DES or 3DES from the drop-down list box. The ZyWALL's encryption algorithm
should be identical to that on the remote secure gateway. When DES is used for data
communications, both sender and receiver must know the same secret key, which can
be used to encrypt and decrypt the message. The DES encryption algorithm uses a
56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result,
3DES is more secure than DES. It also requires more processing power, resulting in
increased latency and decreased throughput.
Authentication Algorithm
Select SHA1 or MD5 from the drop-down list box. The ZyWALL's authentication
algorithm should be identical to that on the remote secure gateway. MD5 (Message Digest 5)
and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate the
source and integrity of packet data. The SHA1 algorithm is generally considered
stronger than MD5, but is slower. Select SHA1 for maximum security.
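
The constraints in this table can be checked before a rule is entered on both gateways. The following is an added example, not part of the ZyXEL manual or ZyWALL firmware: the IkeRule record, its field names and the sample values are assumptions made for illustration, and the checks use only the limits and matching requirements stated above.

```python
from dataclasses import dataclass

MAX_LEN = 31  # character limit Table 27-8 gives for address, DNS and e-mail values

@dataclass
class IkeRule:  # hypothetical record of one gateway's rule; not a ZyWALL export format
    secure_gateway: str
    key_management: str    # "IKE"; any other value here is an assumption
    peer_id_type: str      # "IP", "DNS" or "E-mail"
    peer_content: str
    negotiation_mode: str  # "Main" or "Aggressive"
    encryption: str        # "DES" or "3DES"
    authentication: str    # "SHA1" or "MD5"

def check_rule(rule):
    """Findings for a single rule, based only on constraints stated in the table."""
    findings = []
    if len(rule.secure_gateway) > MAX_LEN:
        findings.append("Secure Gateway Address exceeds 31 characters")
    if rule.secure_gateway == "0.0.0.0" and rule.key_management != "IKE":
        findings.append("0.0.0.0 (dynamic peer) requires Key Management = IKE")
    if rule.peer_id_type in ("DNS", "E-mail") and len(rule.peer_content) > MAX_LEN:
        findings.append("Peer Content exceeds 31 characters")
    if rule.encryption == "DES":
        findings.append("DES (56-bit key) selected; 3DES (168-bit key) is available")
    if rule.authentication == "MD5":
        findings.append("MD5 selected; SHA1 is the stronger option offered")
    return findings

def check_pair(local, remote):
    """Phase 1 fields that must be identical on both gateways."""
    return [f"{name}: local={getattr(local, name)} remote={getattr(remote, name)}"
            for name in ("negotiation_mode", "encryption", "authentication")
            if getattr(local, name) != getattr(remote, name)]

# Constructed sample rules (documentation-range address, made-up names).
SAMPLE_LOCAL = IkeRule("0.0.0.0", "Manual", "DNS", "branch.example",
                       "Main", "DES", "MD5")
SAMPLE_REMOTE = IkeRule("203.0.113.10", "IKE", "IP", "",
                        "Aggressive", "3DES", "SHA1")

if __name__ == "__main__":
    for label, rule in (("local", SAMPLE_LOCAL), ("remote", SAMPLE_REMOTE)):
        for finding in check_rule(rule):
            print(f"{label}: {finding}")
    for mismatch in check_pair(SAMPLE_LOCAL, SAMPLE_REMOTE):
        print(f"mismatch: {mismatch}")
```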