ZyXEL Communications ZyWALL 50 User Manual
ZyWALL 50 Internet Security Gateway
VPN/IPSec Setup
Table 23-1 AH and ESP

ESP
Select DES for minimal security and 3DES for maximum.
  DES (default): Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data.
  3DES: Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys (3 x 56 = 168 bits), effectively doubling the strength of DES.

AH
Select MD5 for minimal security and SHA-1 for maximum security.
  MD5 (default): MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
  SHA1: SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.

23.3 IPSec Summary
Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 - IPSec Summary. This is a read-only summary menu of your IPSec rules (tunnels). Edit or create an IPSec rule by selecting an index number and then configuring the associated submenus.
The following figure helps explain the main fields in menu 27.1.
Figure 23-3 IPSec Summary Fields
Local and remote IP addresses must be static. The VPN initiator local IP address range should be identical to
the peer remote IP address range. Similarly, the VPN initiator remote IP address range should be identical to
the peer local IP address range. If they are not, the connection will fail and this will display in the IPSec log
as a local or remote ID failure.
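
The mirror rule above can be checked offline before two gateways are configured. The following is an added example, not code from the manual or from ZyXEL: the dictionary layout, the function names and the sample addresses are constructed, and comparing ranges by the addresses they cover is an assumption, not the device's own matching logic.

```python
import ipaddress

def parse_range(spec):
    """Normalise 'a.b.c.d', 'a.b.c.d-e.f.g.h' or 'a.b.c.d/nn' to (first, last) integers."""
    spec = spec.strip()
    if "-" in spec:
        start, end = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if int(start) > int(end):
            raise ValueError(f"range start is after range end: {spec}")
        return int(start), int(end)
    if "/" in spec:
        # strict=True rejects a subnet written with host bits set, e.g. 192.168.1.5/24
        net = ipaddress.IPv4Network(spec, strict=True)
        return int(net.network_address), int(net.broadcast_address)
    addr = ipaddress.IPv4Address(spec)
    return int(addr), int(addr)

def check_mirror(initiator, peer):
    """Return a list of mismatches; an empty list means the two rules mirror each other."""
    problems = []
    if parse_range(initiator["local"]) != parse_range(peer["remote"]):
        problems.append(
            f"initiator local {initiator['local']} != peer remote {peer['remote']}")
    if parse_range(initiator["remote"]) != parse_range(peer["local"]):
        problems.append(
            f"initiator remote {initiator['remote']} != peer local {peer['local']}")
    return problems

# Constructed sample rules (hypothetical sites, private address space).
HQ = {"local": "192.168.1.0/24", "remote": "192.168.2.0/24"}
BRANCH = {"local": "192.168.2.0-192.168.2.255", "remote": "192.168.1.0/24"}
BAD_BRANCH = {"local": "192.168.2.0/24", "remote": "192.168.1.0/25"}  # /25 typo

if __name__ == "__main__":
    for name, peer in (("BRANCH", BRANCH), ("BAD_BRANCH", BAD_BRANCH)):
        issues = check_mirror(HQ, peer)
        print(name, "OK" if not issues else issues)
```

An empty result only says the two address ranges cover the same addresses; the static-address requirement still has to be confirmed on each gateway.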