Chapter 15 IPSec VPN Screens
ZyWALL 2WG User’s Guide
15.5 The VPN SA Monitor Screen

In the web configurator, click SECURITY > VPN > SA Monitor. Use this screen to display and manage active VPN connections.

A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections.

Table 90 SECURITY > VPN > VPN Rules (Manual) > Edit (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the drop-down list box. |
| Active Protocol | Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next). Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field (described next). |
| Encryption Algorithm | Select DES, 3DES or NULL from the drop-down list box. When DES is used for data communications, both sender and receiver must know the Encryption Key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. |
| Authentication Algorithm | Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. |
| Encryption Key | This field is applicable when you select ESP in the Active Protocol field above. With DES, type a unique key 8 characters long. With 3DES, type a unique key 24 characters long. Any characters may be used, including spaces, but trailing spaces are truncated. |
| Authentication Key | Type a unique authentication key to be used by IPSec if applicable. Enter 16 characters for MD5 authentication or 20 characters for SHA-1 authentication. Any characters may be used, including spaces, but trailing spaces are truncated. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Cancel | Click Cancel to exit this screen without saving. |
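
The key-length and algorithm rules from Table 90, as an added example (not ZyXEL's code): a Python check of one manual-key rule before it is typed into the screen. The function names and sample keys are constructed, and the check assumes that a key shortened by trailing-space truncation no longer meets the required length.

```python
# Added example: checks one manual-key rule against the limits in Table 90.
# Option strings come from the table; function names and sample keys are constructed.
ENC_KEY_LEN = {"DES": 8, "3DES": 24}    # Encryption Key length in characters
AUTH_KEY_LEN = {"MD5": 16, "SHA1": 20}  # Authentication Key length in characters


def stored_key(typed):
    """Return the key as the table says it is kept: trailing spaces truncated."""
    return typed.rstrip(" ")


def check_key(label, typed, required, errors):
    """Append an error if the key, after truncation, is not the required length."""
    kept = stored_key(typed)
    if len(kept) != required:
        note = " after trailing spaces are truncated" if kept != typed else ""
        errors.append(f"{label}: {len(kept)} characters{note}, need {required}")


def check_manual_rule(protocol, enc_alg, auth_alg, enc_key="", auth_key=""):
    """Return (errors, warnings) for one manual-key VPN rule."""
    errors, warnings = [], []
    if protocol == "ESP":
        if enc_alg == "NULL":
            warnings.append("NULL: tunnel is set up without encryption")
        elif enc_alg in ENC_KEY_LEN:
            check_key("Encryption Key", enc_key, ENC_KEY_LEN[enc_alg], errors)
            if enc_alg == "DES":
                warnings.append("DES: 56-bit key, 3DES is more secure")
        else:
            errors.append(f"Encryption Algorithm {enc_alg!r} is not DES, 3DES or NULL")
    elif protocol == "AH":
        # The Encryption Key field only applies to ESP, so it is ignored here.
        warnings.append("AH: no confidentiality, packets are not encrypted")
    else:
        errors.append(f"Active Protocol {protocol!r} is not ESP or AH")
    if auth_alg in AUTH_KEY_LEN:
        check_key("Authentication Key", auth_key, AUTH_KEY_LEN[auth_alg], errors)
        if auth_alg == "MD5":
            warnings.append("MD5: minimal security, SHA1 is stronger")
    else:
        errors.append(f"Authentication Algorithm {auth_alg!r} is not SHA1 or MD5")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample: a 24-character 3DES key whose last two characters are spaces.
    print(check_manual_rule("ESP", "3DES", "SHA1", "k" * 22 + "  ", "a" * 20))
    print(check_manual_rule("ESP", "DES", "MD5", "k" * 8, "a" * 16))
```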