IPsec Tunnel Setup

SZ and vSZ maintain different centralized deployment models for IPsec tunnel setup..
Figure 1. IPsec Tunnel Setup: SZ and External Server
Figure 2. IPSec Tunnel Setup - vSZ and External Server
Note: The SSH encryption algorithm, the SSH integrity MAC algorithm, the SSH client and server parameters, and the rekey limitation are not user-configurable. The rekey limitation is 1 hour or 1 GB of data traffic when the DP or AP connects to the SZ SSH server as an SSH client. The SSH client or server discards the data packets if the incoming packet size exceeds the packet size limitation; the maximum packet size is 256 KB.