ZyWALL 2 Series User’s Guide
VPN/IPSec Setup
Table 37-3 Menu 27.1.1.1: IKE Setup

| FIELD | DESCRIPTION | EXAMPLE |
|---|---|---|
| Encapsulation | Press [SPACE BAR] to choose from Tunnel mode or Transport mode and then press [ENTER]. See earlier for a discussion of these. | Tunnel |
| Perfect Forward Secrecy (PFS) | Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PFS. DH1 refers to Diffie-Hellman Group 1, a 768 bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024 bit (1Kb) random number (more secure, yet slower). | None |

When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save
your configuration, or press [ESC] at any time to cancel.
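
The PFS field above trades setup speed for security. The following added example (not part of the ZyXEL guide) shows why, using the IKEv1 quick mode key derivation from RFC 2409: with PFS set to None, the phase 2 key depends only on the phase 1 secret and values carried in the exchange. The toy 127-bit prime, HMAC-SHA1 as the prf, the single SPI, and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group for illustration only (assumption): the Mersenne prime 2**127 - 1.
# The real DH1/DH2 settings use the 768-bit and 1024-bit Oakley groups.
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf, assumed here to be HMAC-SHA1."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair():
    x = secrets.randbelow(P - 3) + 2  # private exponent in [2, P-2]
    return x, pow(G, x, P)


def int_bytes(n: int) -> bytes:
    return n.to_bytes((P.bit_length() + 7) // 8, "big")


def keymat(skeyid_d, protocol, spi, ni, nr, g_xy=None):
    """RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    prefix = int_bytes(g_xy) if g_xy is not None else b""
    return prf(skeyid_d, prefix + bytes([protocol]) + spi + ni + nr)


def quick_mode(skeyid_d, pfs):
    """Return (KEYMAT, values carried in the exchange) for one phase 2 SA."""
    spi, ni, nr = secrets.token_bytes(4), secrets.token_bytes(16), secrets.token_bytes(16)
    wire = {"protocol": 3, "spi": spi, "ni": ni, "nr": nr}  # 3 = ESP
    g_xy = None
    if pfs:
        xi, pub_i = dh_keypair()
        xr, pub_r = dh_keypair()
        wire["ke_i"], wire["ke_r"] = pub_i, pub_r  # only public values are exchanged
        g_xy = pow(pub_r, xi, P)                    # fresh shared secret for this SA
        assert g_xy == pow(pub_i, xr, P)
    return keymat(skeyid_d, 3, spi, ni, nr, g_xy), wire


def recompute_from_leak(leaked_skeyid_d, wire):
    """Key derivable from a leaked phase 1 secret plus the exchanged values alone."""
    return keymat(leaked_skeyid_d, wire["protocol"], wire["spi"], wire["ni"], wire["nr"])
```

With `pfs=False` the recomputed key equals the real KEYMAT; with `pfs=True` it does not, because the fresh Diffie-Hellman secret never appears in the exchange.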
37.5 Manual Setup
You only configure Menu 27.1.1.2 – Manual Setup when you select Manual in the Key Management field in Menu 27.1.1 – IPSec Setup. Manual key management is useful if you have problems with IKE key management.
37.5.1 Active Protocol
This field is a combination of mode and security protocols used for the VPN. See the Web Configurator User’s Guide for more information on these parameters.
Table 37-4 Active Protocol: Encapsulation and Security Protocol

| MODE | SECURITY PROTOCOL |
|---|---|
| Tunnel | ESP |
| Transport | AH |

37.5.2 Security Parameter Index (SPI)