ZyXEL Communications zywall 50 User Manual
ZyWALL 50 Internet Security Gateway
23-6
VPN/IPSec
Setup
Table 23-3 Menu 27.1 — IPSec Summary
FIELD DESCRIPTION EXAMPLE
#
This is the VPN policy index number.
1
Name
This field displays the unique identification name for this VPN rule. The
name may be up to 32 characters long but only 10 characters will be
displayed here.
name may be up to 32 characters long but only 10 characters will be
displayed here.
Taiwan
A
Y signifies that this VPN rule is active.
Y
Local Addr
Start
Start
This is the beginning IP address of the computers on your local network
behind your ZyWALL. This must be a static IP address.
behind your ZyWALL. This must be a static IP address.
192.168.1.35
Local Addr
End
End
This is the end (static) IP address (in a range) of computers on your local
network behind your ZyWALL.
network behind your ZyWALL.
192.168.1.38
Remote
Addr Start
Addr Start
This is the beginning IP address of the computers on the remote network
behind the remote IPSec router. This must be a static IP address.
behind the remote IPSec router. This must be a static IP address.
172.16.2.40
Remote
Addr End
Addr End
This is the end (static) IP address (in a range) of computers on the remote
network behind the remote IPSec router.
network behind the remote IPSec router.
172.16.2.46
Encap
This field displays Tunnel mode or Transport mode. See earlier for a
discussion of these.
discussion of these.
Tunnel
IPSec
Algorithm
Algorithm
This field displays the security protocols used for an SA. ESP provides
confidentiality and integrity of data by encrypting the data and
encapsulating it into IP packets. Encryption methods include 56-bit DES
and 168-bit 3DES.
confidentiality and integrity of data by encrypting the data and
encapsulating it into IP packets. Encryption methods include 56-bit DES
and 168-bit 3DES.
AH (Authentication Header) provides strong integrity and authentication
by adding authentication information to IP packets. This authentication
information is calculated using header and payload data in the IP packet.
This provides an additional level of security. AH choices are MD5 (default
- 128 bits) and SHA -1(160 bits).
by adding authentication information to IP packets. This authentication
information is calculated using header and payload data in the IP packet.
This provides an additional level of security. AH choices are MD5 (default
- 128 bits) and SHA -1(160 bits).
Both AH and ESP increase the ZyWALL’s processing requirements and
communications latency (delay).
communications latency (delay).
ESP DES MD5
Secure Gw
Addr
Addr
This is the WAN IP address of the IPSec router with which you’re making
the VPN connection. If the peer has a dynamic WAN IP address, set this
field to 0.0.0.0. This may be useful for telecommuters initiating a VPN
tunnel to the company network. Only the telecommuter may initiate the
VPN tunnel in this case.
the VPN connection. If the peer has a dynamic WAN IP address, set this
field to 0.0.0.0. This may be useful for telecommuters initiating a VPN
tunnel to the company network. Only the telecommuter may initiate the
VPN tunnel in this case.
Public IP
address
Select
Command
Command
Press [SPACE BAR] to choose from None, Edit, Delete, Go To Rule,
Next Page or Previous Page and then press [ENTER]. You must select a
rule in the next field when you choose the Edit, Delete or Go To
Next Page or Previous Page and then press [ENTER]. You must select a
rule in the next field when you choose the Edit, Delete or Go To
None