Chapter 4 Easy Mode
ZyWALL USG Series User’s Guide
127
• Main encrypts the ZyWALL/USG’s and remote IPSec router’s identities but takes more time to
establish the IKE SA
• Aggressive is faster but does not encrypt the identities.
The ZyWALL/USG and the remote IPSec router must use the same negotiation mode. Multiple SAs
connecting through a secure gateway must have the same negotiation mode.
• Encryption Algorithm: This displays the encryption method used. The longer the key, the higher the
security, the lower the throughput (possibly).
• DES uses a 56-bit key.
• 3DES uses a 168-bit key.
• AES128 uses a 128-bit key
• AES192 uses a 192-bit key
• AES256 uses a 256-bit key.
• Authentication Algorithm: This displays the authentication algorithm used. The stronger the algorithm,
the slower it is.
• MD5 gives minimal security.
• SHA1 gives higher security
• SHA256 gives the highest security.
• Key Group: This displays the Diffie-Hellman (DH) key group used. DH5 is more secure than DH1 or DH2
(although it may affect throughput).
• DH1 uses a 768 bit random number.
• DH2 uses a 1024 bit (1Kb) random number.
• DH5 uses a 1536 bit random number.
Phase 2
• Active Protocol: This displays ESP (compatible with NAT) or AH.
• Encapsulation: This displays Tunnel (compatible with NAT) or Transport.
• Encryption Algorithm: This displays the encryption method used. The longer the key, the higher the
security, the lower the throughput (possibly).
• DES uses a 56-bit key.
• 3DES uses a 168-bit key.
• AES128 uses a 128-bit key
• AES192 uses a 192-bit key
• AES256 uses a 256-bit key.
• Null uses no encryption.
• Authentication Algorithm: This displays the authentication algorithm used. The stronger the algorithm,
the slower it is.
• MD5 gives minimal security.
• SHA1 gives higher security
• SHA256 gives the highest security.
The Configuration for Secure Gateway displays the configuration that the Zyxel Device IPSec VPN Client
will get from the Zyxel Device.
To Next Page
Loading...
