ZyXEL Communications 202H User Manual

Prestige 202H User’s Guide 

VPN/IPSec Setup 

 

26-15 

EXAMPLE 

End  Enter a port number in this field to define a port range. This port number 

must be greater than that specified in the previous field. This field is N/A 
when 0 is configured in the Port Start field. 

 

Enable Replay 
Detection 

As a VPN setup is processing intensive, the system is vulnerable to Denial 
of Service (DoS) attacks The IPSec receiver can detect and reject old or 
duplicate packets to protect against replay attacks. Enable replay detection 
by setting this field to Yes. 

Press [SPACE BAR] to select Yes or No. Choose Yes and press [ENTER] 
to enable replay detection. 

No 

Key 
Management 

Press [SPACE BAR] to choose either IKE or Manual and then press 
[ENTER]. Manual is useful for troubleshooting if you have problems using 
IKE key management. 

Edit Key 
Management 
Setup 

Press [SPACE BAR] to change the default No to Yes and then press 
[ENTER] to go to a key management menu for configuring your key 
management setup (described later). If you set the Key Management field 
to IKE, this will take you to Menu 27.1.1.1 – IKE Setup. If you set the Key 
Management field to Manual, this will take you to Menu 27.1.1.2 – 
Manual Setup. 

When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save 
your configuration, or press [ESC] at any time to cancel. 

There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 
2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate 
SAs for IPSec.