ZyXEL 35 Guia Do Utilizador
ZyWALL 35 Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
322
NAT router in between, you can ignore this option. Just leave Local/Peer ID type as IP, and then skip this
option.
If either side of VPN tunneling end point is using dynamic IP address, you may need to configure ID for
the one with dynamic IP address. And in this case, "Aggressive mode" is recommended to be applied in
phase 1 negotiation.
K13. Is my ZyWALL ready for IPSec VPN?
IPSec VPN is available for ZyWALL since ZyNOS V3.50. It is free upgrade, no registration is needed.
By upgrading the firmware and also configurations (romfile) to ZyNOS V3.50, the IPSec VPN capability
is ready in your ZyWALL. You then can configure VPN via web configurator. Please download the
firmware from our web site.
K14. How do I configure ZyWALL VPN?
You can configure ZyWALL for VPN via web GUI. ZyWALL 1 supports Web only.
K15. What VPN protocols are supported by ZyWALL?
All ZyWALL series support ESP (protocol number 50) and AH (protocol number 51).
K16. What types of encryption does ZyWALL VPN support?
ZyWALL supports 56-bit DES and 168-bit 3DES.
K17. What types of authentication does ZyWALL VPN support?
VPN vendors support a number of different authentication methods. ZyWALL VPN supports both SHA1
and MD5.
AH provides authentication, integrity, and replay protection (but not confidentiality). Its main difference
with ESP is that AH also secures parts of the IP header of the packet (like the source/destination
addresses), but ESP does not.
ESP can provide authentication, integrity, replay protection, and confidentiality of the data (it secures
everything in the packet that follows the header). Replay protection requires authentication and integrity
(these two go always together). Confidentiality
(encryption) can be used with or without authentication/integrity. Similarly, one could use
authentication/integrity with or without confidentiality.