5 manual setup, 1 active protocol, 2 security parameter index (spi) – ZyXEL Communications ZyXEL ZyWALL 35 User Manual


ZyWALL 35 User’s Guide

Chapter 44 VPN/IPSec Setup

44.5 Manual Setup

You only configure Menu 27.1.1.2 – Manual Setup when you select Manual in the Key Management field in Menu 27.1.1 – IPSec Setup. Manual key management is useful if you have problems with IKE key management.

44.5.1 Active Protocol

This field is a combination of mode and security protocols used for the VPN. See Chapter 13 Introduction to IPSec for more information on these parameters.

44.5.2 Security Parameter Index (SPI)

To edit this menu, move the cursor to the Edit Manual Setup field in Menu 27.1.1 – IPSec Setup, press [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 27.1.1.2 – Manual Setup.

Table 209 Menu 27.1.1.1: IKE Setup (continued)

FIELD | DESCRIPTION
Encapsulation | Press [SPACE BAR] to choose from Tunnel mode or Transport mode and then press [ENTER]. See earlier for a discussion of these.
Perfect Forward Secrecy (PFS) | Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is less secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PFS. DH1 refers to Diffie-Hellman Group 1, a 768-bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024-bit (1Kb) random number (more secure, yet slower).

When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.

Table 210 Active Protocol: Encapsulation and Security Protocol

MODE | SECURITY PROTOCOL
Tunnel | ESP
Transport | AH
