ZyXEL Communications 202H 用户手册

Prestige 202H User’s Guide 

26-18 

VPN/IPSec Setup 

This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in 
the Prestige. Disabling PFS means new authentication and encryption keys are derived from the same root 
secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the 
Diffie-Hellman key exchange). 

Phase 1 

Negotiation 
Mode 

Press [SPACE BAR] to choose from Main or Aggressive and then press 
[ENTER]. Multiple SAs connecting through a secure gateway must have the 
same negotiation mode.  

Pre-Shared Key  Prestige gateways authenticate an IKE VPN session by matching pre-shared 

keys. Pre-shared keys are best for small networks with fewer than ten nodes. 
Enter your pre-shared key here. Enter up to 31 characters. Any character 
may be used, including spaces, but trailing spaces are truncated. Multiple 
SAs connecting through a secure gateway must have the same pre-shared 
key.  

Menu 27.1.1.1 - IKE Setup 

 

          Phase 1 

            Negotiation Mode= Main 

            Pre-Shared Key= ? 

            Encryption Algorithm = DES 

            Authentication Algorithm = MD5 
            SA Life Time (Seconds)= 28800 

            Key Group= DH1 

 

          Phase 2 

            Active Protocol  = ESP 

            Encryption Algorithm  = DES 
            Authentication Algorithm  = SHA1 

            SA Life Time (Seconds)= 28800 

            Encapsulation  = Tunnel 

            Perfect Forward Secrecy (PFS)= None 

 

 

                    Press ENTER to Confirm or ESC to Cancel: