Remote Network
If the Remote Network field is configured to Single, enter a (static) IP address on the network behind the remote IPSec
router. If the Remote Network field is configured to Range IP, enter the beginning and end (static) IP address, in a range of
computers on the network behind the remote IPSec router. If the Remote Network field is configured to Subnet, enter a
(static) IP address and subnet mask on the network behind the remote IPSec router.
Step 3.
Use the third wizard screen to configure IKE (Internet Key Exchange) tunnel settings.
Authentication Algorithm
MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. Select
MD5 for minimal security and SHA-1 for maximum security.
Key Group
Choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1 a 768 bit random number. DH2
refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number.
SA Life Time (Minutes)
Define the length of time before an IKE SA automatically renegotiates in this field. The minimum value is 180 seconds.
Pre-Shared Key
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must
precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key.
Click Next to continue.
ZyWALL 70 Internet Security Appliance
14
Negotiation Mode
Select Main Mode or Aggressive Mode.
Multiple SAs connecting through a secure
gateway must have the same negotiation
mode.
Encryption Algorithm
Select the method of data encryption using a
private (secret) key.
The DES encryption algorithm uses a 56-bit
key. Triple DES (3DES) is a variation on
DES that uses a 168-bit key. As a result,
3DES is more secure than DES. It also
requires more processing power, resulting in
increased latency and decreased throughput.
This implementation of AES uses a 128-bit
key. AES is faster than 3DES.