ZyXEL 202H 91-003-194001B User Manual
Product codes
91-003-194001B
P-202H Plus v2 User’s Guide
Chapter 11 VPN Screens
134
11.14 SA Monitor Screen
In the web configurator, click VPN and the Monitor link. Use this screen to display and
manage active VPN connections.
manage active VPN connections.
A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
This screen displays active VPN connections. Use Refresh to display active VPN
connections. This screen is read-only. The following table describes the labels in this tab.
This screen displays active VPN connections. Use Refresh to display active VPN
connections. This screen is read-only. The following table describes the labels in this tab.
Note: When there is outbound traffic but no inbound traffic, the SA times out
automatically after two minutes. A tunnel with no outbound or inbound traffic is
"idle" and does not timeout until the SA lifetime period expires. See the Keep
Alive section to have the ZyXEL Device renegotiate an IPSec SA when the SA
lifetime expires, even if there is no traffic.
"idle" and does not timeout until the SA lifetime period expires. See the Keep
Alive section to have the ZyXEL Device renegotiate an IPSec SA when the SA
lifetime expires, even if there is no traffic.
Encryption Algorithm
Select DES, 3DES or NULL from the drop-down list box. The ZyXEL Device's
encryption algorithm should be identical to the secure remote gateway. When
DES is used for data communications, both sender and receiver must know
the same secret key, which can be used to encrypt and decrypt the message
or to generate and verify a message authentication code. The DES
encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on
DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It
also requires more processing power, resulting in increased latency and
decreased throughput. Select NULL to set up a tunnel without encryption.
When you select NULL, you do not enter an encryption key.
Encryption Key (Only
with ESP)
With DES, type a unique key 8 characters long. With 3DES, type a unique
key 24 characters long. Any characters may be used, including spaces, but
trailing spaces are truncated.
Authentication
Algorithm
Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5)
and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate
packet data. The SHA1 algorithm is generally considered stronger than MD5,
but is slower. Select MD5 for minimal security and SHA-1 for maximum
security.
Authentication Key
Type a unique authentication key to be used by IPSec if applicable. Enter 16
characters for MD5 authentication or 20 characters for SHA-1 authentication.
Any characters may be used, including spaces, but trailing spaces are
truncated.
Back
Click Back to return to the previous screen.
Apply
Click Apply to save your changes back to the ZyXEL Device.
Cancel
Click Cancel to begin configuring this screen afresh.
Delete
Click Delete to remove the current rule.
Table 39 Rule Setup with Manual Key
LABEL
DESCRIPTION