5 advanced vpn rule setup (ike) – ZyXEL Communications P-334U User Manual
Page 153
P-334U/P-335U User’s Guide
Chapter 13 IPSec VPN
153
13.5 Advanced VPN Rule Setup (IKE)
Click Advanced... in the Rule Setup screen to open this screen.
Pre-Shared Key
Type your pre-shared key in this field. A pre-shared key identifies a
communicating party during a phase 1 IKE negotiation. It is called "pre-shared"
because you have to share it with another party before you can communicate
with them over a secure connection.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal
("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x” (zero
x), which is not counted as part of the 16 to 62 character range for the key. For
example, in "0x0123456789ABCDEF", “0x” denotes that the key is hexadecimal
and “0123456789ABCDEF” is the key itself.
Both ends of the VPN tunnel must use the same pre-shared key. You will receive
a “PYLD_MALFORMED” (payload malformed) packet if the same pre-shared key
is not used on both ends.
Encryption
Algorithm
Select which key size and encryption algorithm to use for data communications.
Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The ZyXEL Device and the remote IPSec router must use the same algorithms
and key , which can be used to encrypt and decrypt the message or to generate
and verify a message authentication code. Longer keys require more processing
power, resulting in increased latency and decreased throughput.
Authentication
Algorithm
Select which hash algorithm to use to authenticate packet data. Choices are
SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also
slower.
Advanced...
Click Advanced... to configure more detailed settings of your IKE key
management.
Apply
Click Apply to save your changes back to the ZyXEL Device.
Reset
Click Reset to begin configuring this screen afresh.
Table 52 Security > VPN > Rule Setup: IKE (Basic) (continued)
LABEL
DESCRIPTION