Chapter 3 Wizard Setup
ZyWALL 2 Plus User’s Guide
84
Figure 29
VPN Wizard: IPSec Setting
The following table describes the labels in this screen.
Table 18
VPN Wizard: IPSec Setting
LABEL
DESCRIPTION
Encapsulation Mode
Tunnel
is compatible with NAT,
Transport
is not.
Tunnel mode encapsulates the entire IP packet to transmit it securely. A Tunnel
mode is required for gateway services to provide access to internal systems.
Tunnel mode is fundamentally an IP tunnel with authentication and encryption.
Transport mode is used to protect upper layer protocols and only affects the
data in the IP packet. In Transport mode, the IP packet contains the security
protocol (AH or ESP) located after the original IP header and options, but before
any upper layer protocols contained in the packet (such as TCP and UDP).
IPSec Protocol
Select the security protocols used for an SA.
Both
AH
and
ESP
increase ZyWALL processing requirements and
communications latency (delay).
Encryption Algorithm When
DES
is used for data communications, both sender and receiver must
know the same secret key, which can be used to encrypt and decrypt the
message or to generate and verify a message authentication code. The DES
encryption algorithm uses a 56-bit key. Triple DES (
3DES
) is a variation on DES
that uses a 168-bit key. As a result,
3DES
is more secure than
DES
. It also
requires more processing power, resulting in increased latency and decreased
throughput. This implementation of
AES
uses a 128-bit key.
AES
is faster than
3DES
. Select
NULL
to set up a tunnel without encryption. When you select
NULL
, you do not enter an encryption key.
Authentication
Algorithm
MD5
(Message Digest 5) and
SHA1
(Secure Hash Algorithm) are hash
algorithms used to authenticate packet data. The
SHA1
algorithm is generally
considered stronger than
MD5
, but is slower. Select
MD5
for minimal security
and
SHA-1
for maximum security.
SA Life Time
(Seconds)
Define the length of time before an IKE SA automatically renegotiates in this
field. The minimum value is 180 seconds.
A short SA Life Time increases security by forcing the two VPN gateways to
update the encryption and authentication keys. However, every time the VPN
tunnel renegotiates, all users accessing remote resources are temporarily
disconnected.
Содержание ADSL 2+ Security Gateway
Страница 1: ...www zyxel com ZyWALL 2 Plus Internet Security Appliance User s Guide Version 4 03 12 2007 Edition 1 ...
Страница 2: ......
Страница 25: ...Table of Contents ZyWALL 2 Plus User s Guide 25 Index 679 ...
Страница 26: ...Table of Contents ZyWALL 2 Plus User s Guide 26 ...
Страница 46: ...46 ...
Страница 88: ...Chapter 3 Wizard Setup ZyWALL 2 Plus User s Guide 88 ...
Страница 131: ...131 PART II Network LAN Screens 133 Bridge Screens 145 WAN Screens 151 DMZ Screens 171 Wireless LAN 181 ...
Страница 132: ...132 ...
Страница 144: ...Chapter 6 LAN Screens ZyWALL 2 Plus User s Guide 144 ...
Страница 180: ...Chapter 9 DMZ Screens ZyWALL 2 Plus User s Guide 180 ...
Страница 190: ...190 ...
Страница 209: ...Chapter 11 Firewall ZyWALL 2 Plus User s Guide 209 Figure 138 SECURITY FIREWALL Rule Summary Edit ...
Страница 221: ...Chapter 11 Firewall ZyWALL 2 Plus User s Guide 221 Figure 149 My Service Firewall Rule Example Rule Summary Completed ...
Страница 222: ...Chapter 11 Firewall ZyWALL 2 Plus User s Guide 222 ...
Страница 252: ...Chapter 13 Content Filtering Reports ZyWALL 2 Plus User s Guide 252 ...
Страница 265: ...Chapter 14 IPSec VPN ZyWALL 2 Plus User s Guide 265 Figure 178 SECURITY VPN VPN Rules IKE Edit Gateway Policy ...
Страница 274: ...Chapter 14 IPSec VPN ZyWALL 2 Plus User s Guide 274 Figure 181 SECURITY VPN VPN Rules IKE Edit Network Policy ...
Страница 306: ...Chapter 15 Certificates ZyWALL 2 Plus User s Guide 306 Figure 203 SECURITY CERTIFICATES My Certificates Create Basic ...
Страница 328: ...Chapter 16 Authentication Server ZyWALL 2 Plus User s Guide 328 ...
Страница 330: ...330 ...
Страница 346: ...Chapter 17 Network Address Translation NAT ZyWALL 2 Plus User s Guide 346 ...
Страница 350: ...Chapter 18 Static Route ZyWALL 2 Plus User s Guide 350 ...
Страница 398: ...Chapter 21 Remote Management ZyWALL 2 Plus User s Guide 398 ...
Страница 416: ...Chapter 24 ALG Screen ZyWALL 2 Plus User s Guide 416 ...
Страница 417: ...417 PART V Logs and Maintenance Logs Screens 419 Maintenance 447 ...
Страница 418: ...418 ...
Страница 423: ...Chapter 25 Logs Screens ZyWALL 2 Plus User s Guide 423 Figure 274 LOGS Log Settings ...
Страница 466: ...466 ...
Страница 474: ...Chapter 27 Introducing the SMT ZyWALL 2 Plus User s Guide 474 ...
Страница 496: ...Chapter 30 LAN Setup ZyWALL 2 Plus User s Guide 496 ...
Страница 504: ...Chapter 32 DMZ Setup ZyWALL 2 Plus User s Guide 504 ...
Страница 508: ...Chapter 33 Wireless Setup ZyWALL 2 Plus User s Guide 508 ...
Страница 556: ...Chapter 38 Filter Configuration ZyWALL 2 Plus User s Guide 556 ...
Страница 570: ...Chapter 40 System Information Diagnosis ZyWALL 2 Plus User s Guide 570 ...
Страница 586: ...Chapter 41 Firmware and Configuration File Maintenance ZyWALL 2 Plus User s Guide 586 ...
Страница 594: ...Chapter 42 System Maintenance Menus 8 to 10 ZyWALL 2 Plus User s Guide 594 ...
Страница 598: ...Chapter 43 Remote Management ZyWALL 2 Plus User s Guide 598 ...
Страница 603: ...603 PART VII Troubleshooting and Specifications Troubleshooting 605 Product Specifications 613 ...
Страница 604: ...604 ...
Страница 612: ...Chapter 45 Troubleshooting ZyWALL 2 Plus User s Guide 612 ...
Страница 620: ...620 ...
Страница 644: ...Appendix B Pop up Windows JavaScripts and Java Permissions ZyWALL 2 Plus User s Guide 644 ...
Страница 668: ...Appendix E Importing Certificates ZyWALL 2 Plus User s Guide 668 ...
Страница 672: ...Appendix F Legal Information ZyWALL 2 Plus User s Guide 672 ...
Страница 678: ...Appendix G Customer Support ZyWALL 2 Plus User s Guide 678 ...