ZyXEL Communications ZyWALL 2 Series Manual De Usuario
ZyWALL 2 Series User’s Guide
37-14
VPN/IPSec
Setup
Table 37-3
Menu 27.1.1.1: IKE Setup
FIELD DESCRIPTION
EXAMPLE
Encapsulation Press [SPACE BAR] to choose from Tunnel mode or Transport mode and
then press [ENTER]. See earlier for a discussion of these.
Tunnel
Perfect
Forward
Secrecy (PFS)
Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2
IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press
[SPACE BAR] and choose from DH1 or DH2 to enable PFS. DH1 refers to
Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman
Group 2 a 1024 bit (1Kb) random number (more secure, yet slower).
IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press
[SPACE BAR] and choose from DH1 or DH2 to enable PFS. DH1 refers to
Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman
Group 2 a 1024 bit (1Kb) random number (more secure, yet slower).
None
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save
your configuration, or press [ESC] at any time to cancel.
your configuration, or press [ESC] at any time to cancel.
37.5 Manual Setup
You only configure Menu 27.1.1.2 – Manual Setup when you select Manual in the Key Management field
in Menu 27.1.1 – IPSec Setup. Manual key management is useful if you have problems with IKE key
management.
in Menu 27.1.1 – IPSec Setup. Manual key management is useful if you have problems with IKE key
management.
37.5.1 Active Protocol
This field is a combination of mode and security protocols used for the VPN. See the Web Configurator
User’s Guide for more information on these parameters.
User’s Guide for more information on these parameters.
Table 37-4 Active Protocol: Encapsulation and Security Protocol
MODE SECURITY
PROTOCOL
Tunnel ESP
Transport AH
37.5.2 Security Parameter Index (SPI)