ZyXEL Communications 1000 User Manual

Chapter 5 Quick Setup

ZyWALL USG 1000 User’s Guide

• Remote Access (Client Role) - Choose this to connect to an IPSec server. This 

ZyWALL is the client (dial-in user) and can initiate the VPN tunnel.  

There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 
(Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an 
IKE SA (Security Association). 

Figure 58   VPN Advanced Wizard: Phase 1 Settings    

• Secure Gateway: If Any displays in this field, it is not configurable for the 

chosen scenario. If this field is configurable, enter the WAN IP address or 

domain name of the remote IPSec device (secure gateway) to identify the 

remote IPSec device by its IP address or a domain name. Use 0.0.0.0 if the 

remote IPSec device has a dynamic WAN IP address.

• My Address (interface): Select an interface from the drop-down list box to 

use on your ZyWALL.

• Negotiation Mode: Select Main for identity protection. Select Aggressive to 

allow more incoming connections from dynamic IP addresses to use separate 

passwords.

Note: Multiple SAs connecting through a secure gateway must have the same 

negotiation mode.

• Encryption Algorithm: 3DES and AES use encryption. The longer the key, the 

higher the security (this may affect throughput). Both sender and receiver must 

know the same secret key, which can be used to encrypt and decrypt the 

message or to generate and verify a message authentication code. The DES 

encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES