ZyXEL Communications 5 Series User Manual

 Chapter 19 IPSec VPN
ZyWALL 5/35/70 Series User’s Guide
Ending IP Address/Subnet Mask
When the Address Type field is configured to Single Address, this field is N/A. 
When the Address Type field is configured to Range Address, enter the end 
(static) IP address, in a range of computers on the LAN behind your ZyWALL. 
When the Address Type field is configured to Subnet Address, this is a 
subnet mask on the LAN behind your ZyWALL.
Local Port
0 is the default and signifies any port. Type a port number from 0 to 65535 in the 
Start and End fields. Some of the most common IP ports are: 21, FTP; 53, 
DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Remote Network
Specify the IP addresses of the devices behind the remote IPSec router that 
can use the VPN tunnel. The remote IP addresses must correspond to the 
remote IPSec router's configured local IP addresses. 
Two active SAs cannot have the local and remote IP address(es) both the 
same. Two active SAs can have the same local or remote IP address, but not 
both. You can configure multiple SAs between the same local and remote IP 
addresses, as long as only one is active at any time.
Address Type
Use the drop-down list box to choose Single Address, Range Address, or 
Subnet Address. Select Single Address for a single IP address. Select 
Range Address for a specific range of IP addresses. Select Subnet Address 
to specify IP addresses on a network by their subnet mask.
Starting IP Address
When the Address Type field is configured to Single Address, enter a (static) 
IP address on the network behind the remote IPSec router. When the Address 
Type field is configured to Range Address, enter the beginning (static) IP 
address, in a range of computers on the network behind the remote IPSec 
router. When the Address Type field is configured to Subnet Address, enter a 
(static) IP address on the network behind the remote IPSec router. 
Ending IP Address/Subnet Mask
When the Address Type field is configured to Single Address, this field is N/A. 
When the Address Type field is configured to Range Address, enter the end 
(static) IP address, in a range of computers on the network behind the remote 
IPSec router. When the Address Type field is configured to Subnet Address, 
enter a subnet mask on the network behind the remote IPSec router. 
Remote Port
0 is the default and signifies any port. Type a port number from 0 to 65535 in the 
Start and End fields. Some of the most common IP ports are: 21, FTP; 53, 
DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.
IPSec Proposal 
Encapsulation Mode
Select Tunnel mode or Transport mode.
Active Protocol
Select the security protocols used for an SA. 
Both AH and ESP increase processing requirements and communications 
latency (delay).
Encryption Algorithm
Select which key size and encryption algorithm to use in this SA. Choices are:
NULL - no encryption key or algorithm
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
AES - a 128/192/256-bit key with the AES encryption algorithm
The ZyWALL and the remote IPSec router must use the same algorithms and 
keys. Longer keys require more processing power, resulting in increased 
latency and decreased throughput.
Authentication Algorithm
Select which hash algorithm to use to authenticate packet data in the IPSec SA. 
Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, 
but it is also slower.
Table 102   SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy  (continued)
LABEL
DESCRIPTION
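
The rule under Remote Network (two active SAs cannot have both the same local and the same remote addresses) is easy to break when the same hosts are entered under different Address Types. The Python sketch below is an added example, not part of the ZyXEL manual or firmware: the policy dictionaries, names and addresses are constructed, and it assumes "the same" means the same set of addresses.

```python
import ipaddress
from itertools import combinations

def normalize(addr_type, start, end_or_mask=None):
    """Map one Address Type / Starting / Ending entry to (first, last) integers."""
    first = ipaddress.IPv4Address(start)
    if addr_type == "single":
        return int(first), int(first)
    if addr_type == "range":
        last = ipaddress.IPv4Address(end_or_mask)
        if last < first:
            raise ValueError(f"range end {last} is below start {first}")
        return int(first), int(last)
    if addr_type == "subnet":
        # strict=False: the field takes any IP address on the subnet plus a mask
        net = ipaddress.IPv4Network(f"{start}/{end_or_mask}", strict=False)
        return int(net.network_address), int(net.broadcast_address)
    raise ValueError(f"unknown address type: {addr_type}")

def find_conflicts(policies):
    """Name pairs of active policies whose local AND remote sets are identical."""
    active = [(p["name"], normalize(*p["local"]), normalize(*p["remote"]))
              for p in policies if p["active"]]
    return [(a[0], b[0]) for a, b in combinations(active, 2)
            if a[1] == b[1] and a[2] == b[2]]

# Constructed sample policies (hypothetical names and addresses)
POLICIES = [
    {"name": "hq-to-branch", "active": True,
     "local": ("subnet", "192.168.1.0", "255.255.255.0"),
     "remote": ("subnet", "10.0.5.0", "255.255.255.0")},
    {"name": "hq-to-branch-range", "active": True,  # same hosts, other types
     "local": ("range", "192.168.1.0", "192.168.1.255"),
     "remote": ("subnet", "10.0.5.33", "255.255.255.0")},
    {"name": "hq-to-lab", "active": True,  # same local, different remote: allowed
     "local": ("subnet", "192.168.1.0", "255.255.255.0"),
     "remote": ("single", "10.0.9.7")},
    {"name": "hq-to-branch-backup", "active": False,  # duplicate but inactive: allowed
     "local": ("subnet", "192.168.1.0", "255.255.255.0"),
     "remote": ("subnet", "10.0.5.0", "255.255.255.0")},
]

if __name__ == "__main__":
    for a, b in find_conflicts(POLICIES):
        print(f"conflict: {a} and {b} are both active with the same local and remote")
```

Activating the inactive backup policy in this sample would raise the conflict count from one pair to three, which is the case the "only one is active at any time" condition guards against.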