![background image](/i/zyxel/144895/zyxel-zywall-2-ee/h/zyxel-zywall-2-ee-238.png)
ZyWALL 2 Series User’s Guide
14-32
VPN Screens
Table 14-9 VPN Manual Setup
LABEL DESCRIPTION
Secure Gateway
Addr
Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with
which you're making the VPN connection.
SPI
Type a unique
SPI
(Security Parameter Index) from one to four characters long. Valid
Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Encapsulation
Mode
Select
Tunnel
mode or
Transport
mode from the drop-down list box.
ESP
Select
ESP
if you want to use ESP (Encapsulation Security Payload). The ESP
protocol (RFC 2406) provides encryption as well as some of the services offered by
AH. If you select ESP here, you must select options from the
Encryption Algorithm
and
Authentication Algorithm
fields (described next).
Encryption
Algorithm
Select
DES
,
3DES
or
NULL
from the drop-down list box.
When
DES
is used for data communications, both sender and receiver must know
the
Encryption Key
, which can be used to encrypt and decrypt the message or to
generate and verify a message authentication code. The DES encryption algorithm
uses a 56-bit key. Triple DES (
3DES
) is a variation on DES that uses a 168-bit key.
As a result,
3DES
is more secure than
DES
. It also requires more processing power,
resulting in increased latency and decreased throughput. Select
NULL
to set up a
tunnel without encryption. When you select
NULL
, you do not enter an encryption
key.
Authentication
Algorithm
Select
SHA1
or
MD5
from the drop-down list box.
MD5
(Message Digest 5) and
SHA1
(Secure Hash Algorithm) are hash algorithms used to authenticate packet
data. The
SHA1
algorithm is generally considered stronger than
MD5
, but is slower.
Select
MD5
for minimal security and
SHA-1
for maximum security.
AH
Select
AH
if you want to use AH (Authentication Header Protocol). The AH protocol
(RFC 2402) was designed for integrity, authentication, sequence integrity (replay
resistance), and non-repudiation but not for confidentiality, for which the ESP was
designed. If you select
AH
here, you must select options from the
Authentication
Algorithm
field (described next).
Authentication
Algorithm
Select
SHA1
or
MD5
from the drop-down list box.
MD5
(Message Digest 5) and
SHA1
(Secure Hash Algorithm) are hash algorithms used to authenticate packet
data. The
SHA1
algorithm is generally considered stronger than
MD5
, but is slower.
Select
MD5
for minimal security and
SHA-1
for maximum security.
Encryption Key
(Only with ESP)
With
DES
, type a unique key 8 characters long. With
3DES
, type a unique key 24
characters long. Any characters may be used, including spaces, but trailing spaces
are truncated.