ZyXEL Communications 202H User Manual

Prestige 202H User’s Guide 

26-22 

VPN/IPSec Setup 

EXAMPLE 

Key  Enter the authentication key to be used by IPSec if applicable. The key 

must be unique. Enter 16 characters for MD5 authentication and 20 
characters for SHA-1 authentication. Any character may be used, 
including spaces, but trailing spaces are truncated. 

123456789abcde

AH Setup 

The AH Setup fields are N/A if you chose an ESP Active Protocol. 

 

SPI (Decimal)  The SPI must be from one to four unique decimal characters ("0" to "9") 

long. 

Authentication 

Algorithm 

Press [SPACE BAR] to choose from MD5 or SHA1 and then press 
[ENTER]. 

Key  Enter the authentication key to be used by IPSec if applicable. The key 

must be unique. Enter 16 characters for MD5 authentication and 20 
characters for SHA-1 authentication. Any character may be used, 
including spaces, but trailing spaces are truncated. 

When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save 
your configuration, or press [ESC] at any time to cancel. 

The following examples show how multiple telecommuters can make VPN connections to a single Prestige at 
headquarters from remote IPSec routers that use dynamic WAN IP addresses. 

Multiple telecommuters can use one VPN rule to simultaneously access a Prestige at headquarters. They 
must all use the same IPSec parameters (including the pre-shared key) but the local IP addresses (or ranges of 
addresses) cannot overlap. See the following table and figure for an example. 

 Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is 
compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to 
use a different VPN rule for each telecommuter and identify them by unique IDs (see section 26.13.2 for an 
example).