ZyXEL Communications 202H 用户手册
Prestige 202H User’s Guide
VPN/IPSec Setup
26-3
Table 26-1 AH and ESP
ESP AH
Select DES for minimal security and 3DES for maximum.
Select NULL to set up a tunnel without encryption.
Select NULL to set up a tunnel without encryption.
Select MD5 for minimal security and SHA-1 for
maximum security.
maximum security.
DES (default)
Data Encryption Standard (DES) is a widely used method
of data encryption using a private (secret) key. DES
applies a 56-bit key to each 64-bit block of data.
Data Encryption Standard (DES) is a widely used method
of data encryption using a private (secret) key. DES
applies a 56-bit key to each 64-bit block of data.
MD5 (default)
MD5 (Message Digest 5) produces a 128-bit
digest to authenticate packet data.
MD5 (Message Digest 5) produces a 128-bit
digest to authenticate packet data.
3DES
Triple DES (3DES) is a variant of DES, which iterates
three times with three separate keys (3 x 56 = 168 bits),
effectively doubling the strength of DES.
Triple DES (3DES) is a variant of DES, which iterates
three times with three separate keys (3 x 56 = 168 bits),
effectively doubling the strength of DES.
SHA1
SHA1 (Secure Hash Algorithm) produces a
160-bit digest to authenticate packet data.
SHA1 (Secure Hash Algorithm) produces a
160-bit digest to authenticate packet data.
26.3 My IP Address
My IP Addr is the WAN IP address of the Prestige. If this field is configured as 0.0.0.0, then the Prestige
will use the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel. If the My IP
Addr changes after setup, then the VPN tunnel will have to be rebuilt.
will use the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel. If the My IP
Addr changes after setup, then the VPN tunnel will have to be rebuilt.
26.4 Secure Gateway Address
Secure Gateway Addr is the WAN IP address or domain name of the remote IPSec router (secure gateway).
If the remote secure gateway has a static public IP address, enter it in the Secure Gateway Addr field. You
may alternatively enter the remote secure gateway’s domain name in the Secure Gateway Addr field. This
also works when the remote secure gateway uses DDNS. This way your Prestige can find the remote secure
gateway, even if it has a dynamic WAN IP address.
If the remote secure gateway has a static public IP address, enter it in the Secure Gateway Addr field. You
may alternatively enter the remote secure gateway’s domain name in the Secure Gateway Addr field. This
also works when the remote secure gateway uses DDNS. This way your Prestige can find the remote secure
gateway, even if it has a dynamic WAN IP address.
If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 in the
Secure Gateway Addr field. In this case only the remote secure gateway can initiate SAs. This may be
useful for telecommuters initiating a VPN tunnel to the company network. See the following table for an
example configuration. You can configure multiple SAs to simultaneously connect through the same secure
gateway. In this case, you must configure the SAs to have the same Negotiation Mode and Pre-Shared Key
(Menu 27.1.1.1 IKE Setup).
Secure Gateway Addr field. In this case only the remote secure gateway can initiate SAs. This may be
useful for telecommuters initiating a VPN tunnel to the company network. See the following table for an
example configuration. You can configure multiple SAs to simultaneously connect through the same secure
gateway. In this case, you must configure the SAs to have the same Negotiation Mode and Pre-Shared Key
(Menu 27.1.1.1 IKE Setup).
The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE
key management and not Manual key management.
A Prestige with Secure Gateway Address set to 0.0.0.0 can receive multiple VPN connection requests using
the same VPN rule at the same time.
the same VPN rule at the same time.