ZyXEL Communications 10 User Manual
Page 378
![background image](/manuals/228934/378/background.png)
ZyWALL 10~100 Series Internet Security Gateway
29-20
VPN/IPSec
Setup
Table 29-9
Menu 27.1.1.1: IKE Setup
FIELD DESCRIPTION
EXAMPLE
Encryption
Algorithm
When DES is used for data communications, both sender and receiver must
know the same secret key, which can be used to encrypt and decrypt the
message or to generate and verify a message authentication code. ZyWALL
DES encryption algorithm uses a 56-bit key.
Triple DES (3DES), is a variation on DES that uses a 168-bit key. As a result,
3DES is more secure than DES. It also requires more processing power,
resulting in slightly increased latency and decreased throughput.
Press [SPACE BAR] to choose from 3DES or DES and then press [ENTER].
DES
Authentication
Algorithm
MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash
algorithms used to authenticate packet data. The SHA1 algorithm is generally
considered stronger than MD5, but is slightly slower.
Press [SPACE BAR] to choose from SHA1 or MD5 and then press [ENTER].
SHA1
SA Life Time
(Seconds)
Define the length of time before an IKE Security Association automatically
renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost
35 days).
A short SA Life Time increases security by forcing the two VPN gateways to
update the encryption and authentication keys. However, every time the VPN
tunnel renegotiates, all users accessing remote resources are temporarily
disconnected.
28800
(default)
Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to
Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman
Group 2 a 1024 bit (1Kb) random number.
DH1
Phase 2
Active Protocol Press [SPACE BAR] to choose from ESP or AH and then press [ENTER]. See
earlier for a discussion of these protocols.
ESP
Encryption
Algorithm
Press [SPACE BAR] to choose from NULL, 3DES or DES and then press
[ENTER]. Select NULL to set up a tunnel without encryption.
DES
Authentication
Algorithm
Press [SPACE BAR] to choose from SHA1 or MD5 and then press [ENTER].
MD5
SA Life Time
(Seconds)
Define the length of time before an IPSec Security Association automatically
renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost
35 days).
28800
(default)
Encapsulation Press [SPACE BAR] to choose from Tunnel mode or Transport mode and
then press [ENTER]. See earlier for a discussion of these.
Tunnel
- ISDN Terminal Adapter Omni.Net Lite
- ZYAIR G-360 V2
- DMA-1000 Series
- PLA-450
- EXT-108
- P-2602HWLNI
- ZyXEL ZyWALL 2WG
- P841C
- Network Device P-2302
- P-870M-I
- P-661HW Series
- Prestige 310
- 802.11g Wireless Access Point ZyXEL G-560
- P-2602HW
- Prestige 2602R Series
- 5 Series
- Prestige 623ME-T
- omni.net LCD series
- ZyXEL ZyAIR B-1000
- P-2302HWUDL-P1 Series
- ZyXEL ZyWALL 5
- Prestige 645R
- ZYWALL IDP 10
- 802.11g Wireless Firewall Router P-320W
- PRESTIGE 660R-6XC
- 56K Plus II
- P-2802HW-i
- ZYAIR AG-200
- POWERLINE PL-100
- HomePlug AV DMA-1100P
- Access Router P-660R-T
- omni.net LCD+M
- G-162
- PL-100
- ZyXEL ZyAIR A-6000
- ZyXEL ZyAIR AG-225H
- 2304R-P1
- XTREMEMIMO M-302
- nbg334s
- P-793H 601156
- Ethernet Extension Card EEC1020
- P-871M
- Prestige 128L
- P-2812HNU-51c
- ZyWALL SSL 10
- NWD2105
- G-302 V3
- G-302 V3
- COMPACT P-660R
- Internet Security Gateway 10~100 Series
- AG-100
- P-872H
- Prestige 304
- P-2302R-P1 Series
- 802.11g Wireless VDSL2 4-port Gateway P-870HW-I1
- ZyXEL ZyWALL 35
- PRESTIGE 2602HW
- P-660RU-T V2
- P-660RU-T V2
- 65-100-060607B
- Prestige 650HW
- P-662H-D
- ZyXEL ZyAIR B-4000
- ZYAIR G-300
- Network Device 56K
- PRESTIGE 334
- Prestige 100WH
- Prestige 1600
- G-102
- PLA-407
- P-971M
- NSA-2400
- NSA-2400
- P-660H Series
- P-2602H
- AG-120
- AG-220
- P-662H
- 2864I
- ZyWALL 70
- P-2802HW(L)-IX
- PRESTIGE 324
- Parental Control Gateway HS100/HS100W
- 202H
- P-2602RL-DxA Series
- PRESTIGE 128
- Prestige 941
- P-2301
- PLA470 V2
- Prestige 202
- P-660H-T Series
- ZyXEL ZyAIR G-2000
- Prestige 645R-A Series
- P-660HW-TX V3
- ZyXEL ZyAIR AG-225H v2
- Internet Security Gateway ZyWALL 2 Series
- Prestige 128IMH
- P-660N-T1A
- Network Storage Appliance NSA-220
- PLA-470
- PLA-470
- G.SHDSL.bis Router P-791R v2
- 802.11G
- 401
- 660H Series
- Bridge/Router G-2000s
- WiMAX XOHM
- P-2302HW-P1 Series
- 2002 Series
- P-334
- PLA402 v2
- NWD-270N
- PLA-401 v3
- P-662HW-D
- ADSL2+ Ethernet Gateway P-660R-T Series
- P-334W
- ZyXEL XtremeMIMO M-102
- ZyXEL XtremeMIMO M-302
- 35 Series
- P-335WT
- OMNI 56K
- NBG410W3G Series
- Prestige 28641
- NWA3550
- PRESTIGE 153X
- ZyXEL ZyWALL 30W
- Prestige 642R Series
- NWA-3163
- ISDN Internet Access Router 202H Plus
- ZyXEL ZyAIR G-405
- P-660HW-Dx v2
- 802.11g Wireless Firewall Router 1-P-320W
- NWD210N
- NWD210N
- ZyXEL ZyAIR B-400
- ADSL2+ 4-port Gateway P-660H-D1
- VDSL2 Line Card VLC1324G
- PRESTIGE 871
- ZyXEL ZyWALL IDP 10
- ZyXEL ZyAIR 100
- NWA3160
- P-320W
- ZyXEL AG-220
- ZYWALL USG 1000
- PLA401 v2
- P-2608HWL-Dx Series
- Auto Configuration Server Vantage Access
- NBG318S v2
- NWA570N
- G-210H
- G-2000 Plus
- WPA-1000
- NBG-415N
- NBG-415N
- G.SHDSL.bis 4-port Security Gateway P-793H
- PLA450 Series
- P-660H-D Series
- P-663H-51
- ZyXEL ZyAIR B-120
- ADSL 2+ Gateway P-660HW-T1
- P-660R-T1/T3 V2
- Wireless LAN PCI Card B-300
- G-2000 Plus V2
- 802.11b/g Wireless Access Point NWA-1100
- ADSL VoIP IAD with 802.11g Wireless 2602HW Series
- ADSL/ADSL2/ADSL2+ Router 660R-6xC Series
- Internet Security Gateway ZyWALL 100
- Wireless LAN USB Adapter ZyAIR 200
- ZyXEL ZyAIR AG-320
- ZYWALL10
- 650 Series
- NBG334W
- NBG334W
- G-4100
- Prestige 630
- IES-612-51A
- ZyAIR G-220
- NBG334SH
- Prestige 650
- 802.11G WIRELESS P-334WT
- omni.net D
- FN-300 Series
- P-660RU-Tx v3s SERIES
- Network Device NXC-8160s
- P-792H v2
- P-2302R
- G-360
- G-360
- PLA-401
- P-660R-Tx v2 Series
- X6004
- ELITE 2864I
- MI-7248PWR
- 630
- P-660M
- 56K Plus Series
- 128MH
- ZyWALL 2 Plus
- G-270S
- 802.11a/g Wireless CardBus Card ZyXEL AG-120
- P-2002
- P-2602H-DXA
- ZYWALL 35
- ZyXEL ExpWave 240B
- NBG-419N
- PLA-400 v2
- P-660HW-D
- P-870HW Series
- Broadband Security Gateway P-312
- 802.11g Wireless ADSL2+ 4-port VoIP IAD P-2602HWNLI
- NWD-490
- Internet Security Appliance ZyWALL5UTM 4.0
- P-660HW-T v2
- Prestige 480
- ADSL2+ P-661H-D
- Omni TA128
- NBG-318S
- Prestige 643
- Prestige P-870HW-51a v2
- FSG2200HNU
- P-2802H(W)(L)-I Series
- PLA-4xx
- U-336S
- Prestige 642
- P-2900
- Prestige 2002
- P-870M-Ix v2
- PPC 10
- 802.11g Wireless USB Adapter ZyXEL G-200
- 100 Series
- 480
- WLAN 802.11n USB Adapter NWD271N
- ZyXEL ZyWALL 70
- P-2608HWL-DX
- NWD-170N
- P-2900-4HB
- NBG420N
- Draft 802.11n Wireless Broadband 1-NBG-415N
- 2864
- P-202H Plus v2
- Prestige 2302R
- ZyXEL ZyWALL P1
- ZyXEL Vantage VSG-1000
- PLA401
- Prestige 2002 Series
- N4100
- N4100
- Prestige 841
- ADSL2+ Ethernet / USB Router P-660RU-Tx v2
- P-870MH-C1
- Prestige 100MH
- NBG4115
- G-200v2
- P-2602HWNLI
- P-660HN-F1A
- 802.11g Wireless Ethernet Adapter 1-G-470
- 802.11g High Power Wireless Router P-334WH
- NWA-3160 Series
- Prestige 650H-E Series
- ACCESSING INTERNET & INTRANET omni series
- P630M
- ZyXEL ZyWALL 2WE
- NWD-370N
- NWD-370N
- 802.11g HomePlug AV ADSL2+ Gateway P-660HWP-D1
- 662H Series
- Prestige 794M
- G-220 v3
- P-660R-D Series
- P-334WT
- P-334WHD
- P-660HN-TxA
- 56K
- Prestige 660HW Series
- Wireless CardBus Card ZyAIR G-110
- WAP3205
- NBG-417N
- ZyXEL ZyWALL USG-1000
- Cable Modem Router with Wireless P-974 series
- 802.11A/B/G WIRELESS ACCESS POINT / BRIDGE G-570U
- ADSL2+ 4-port Gateway P-660H-D Series
- Prestige 660H Series
- 802.11g Wireless MIMO PCI Card ZyXEL M-302
- Powerline Ethernet Multiplug Center PLA491
- 802.11g HomePlug AV ADSL2+ Gateway P-660HWP-Dx
- NWD310N
- NWD310N
- Prestige 314 PLUS
- ADSL2+ Access Router P-660R-T1 v2
- 2602HW-C
- NBG-510S
- PLA-4xx Series
- Prestige 661H Series
- 802.11g Wireless CardBus Card ZyXEL G-162
- ZYWALL 100
- Intelligent Broadband Sharing Gateway P-324
- G-4100 v2
- ADSL2+ Ethernet/USB Gateway 660RU-Tx Series
- P-630-S
- NBG410W3G
- 3G Wireless Router NBG410W3G
- PRESTIGE 202H
- Centralized Network Management Vantage CNM
- ZyXEL ZyAIR AG-220
- Prestige 2602H Series
- P-870H-51a v2
- P-661H-D Series
- P-660HW-TX
- 802.11 Wireless Digital Media Adaptor DMA-1000W
- 802.11G G-210H
- MS-7206
- XtremeMIMO m-202
- P-661HW-D
- G-302
- ZyXEL XtremeMIMO X-550
- P-2304R-P1
- P-660HW-D Series
- G-100
- Omni 288S
- WLAN PCI Card IEEE802.11b
- NSA-220
- Network Storage NSA-220 Plus
- P-2602H Series