Filter
Top Products
Chapter 14 IPSec VPN
ZyWALL 2WG User’s Guide
311
Figure 198 IPSec High Availability
When setting up an IPSec high availability VPN tunnel, the remote IPSec router:
• Must have multiple WAN connections
• Only needs one corresponding IPSec rule
• Should only have IPSec high availability settings in its corresponding IPSec rule if your
ZyWALL has multiple WAN connections
• Should ideally identify itself by a domain name or dynamic domain name (it must
otherwise have My Address set to 0.0.0.0)
• Should use a WAN connectivity check to this ZyWALL’s WAN IP address
If the remote IPSec router is not a ZyWALL, you may also want to avoid setting the IPSec rule
to nailed up.
14.4.3 Encryption and Authentication Algorithms
In most ZyWALLs, you can select one of the following encryption algorithms for each
proposal. The encryption algorithms are listed here in order from weakest to strongest.
• Data Encryption Standard (DES) is a widely used (but breakable) method of data
encryption. It applies a 56-bit key to each 64-bit block of data.
• Triple DES (3DES) is a variant of DES. It iterates three times with three separate keys,
effectively tripling the strength of DES.
• Advanced Encryption Standard (AES) is a newer method of data encryption that also uses
a secret key. AES applies a 128-bit key to 128-bit blocks of data. It is faster than 3DES.
Use the commands to have the AES encryption apply 192-bit or 256-bit keys to 128-bit blocks
of data.
You can select one of the following authentication algorithms for each proposal. The
algorithms are listed here in order from weakest to strongest.
• MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
• SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.