ZyXEL Communications ZyWall USG20-VPN User Manual page 353

Table 137 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit (continued)
LABEL DESCRIPTION
X Auth / Extended This part of the screen displays X-Auth when using IKEv1 and Extended
Authentication Authentication Protocol when using IKEv2.
Protocol
X-Auth This displays when using IKEv1. When different users use the same VPN tunnel to
connect to the USG (telecommuters sharing a tunnel for example), use X-auth to
enforce a user name and password check. This way even though telecommuters all
know the VPN tunnel's security settings, each still has to provide a unique user name
and password.
Enable Extended Select this if one of the routers (the USG or the remote IPSec router) verifies a user
Authentication
name and password from the other router using the local user database and/or an
external server.
Server Mode Select this if the USG authenticates the user name and password from the remote
IPSec router. You also have to select the authentication method, which specifies how
the USG authenticates this information.
Client Mode Select this radio button if the USG provides a username and password to the remote
IPSec router for authentication. You also have to provide the User Name and the
Password.
User Name This field is required if the USG is in Client Mode for extended authentication. Type the
user name the USG sends to the remote IPSec router. The user name can be 1-31
ASCII characters. It is case-sensitive, but spaces are not allowed.
Password This field is required if the USG is in Client Mode for extended authentication. Type the
password the USG sends to the remote IPSec router. The password can be 1-31 ASCII
characters. It is case-sensitive, but spaces are not allowed.
Retype to Type the exact same password again here to make sure an error was not made when
Confirm
typing it originally.
Extended This displays when using IKEv2. EAP uses a certificate for authentication.
Authentication
Protocol
Enable Extended Select this if one of the routers (the USG or the remote IPSec router) verifies a user
Authentication
name and password from the other router using the local user database and/or an
external server or a certificate.
Server Mode Select this if the USG authenticates the user name and password from the remote
IPSec router. You also have to select an AAA method, which specifies how the USG
authenticates this information and who may be authenticated (Allowed User).
Client Mode Select this radio button if the USG provides a username and password to the remote
IPSec router for authentication. You also have to provide the User Name and the
Password.
User Name This field is required if the USG is in Client Mode for extended authentication. Type the
user name the USG sends to the remote IPSec router. The user name can be 1-31
ASCII characters. It is case-sensitive, but spaces are not allowed.
Password This field is required if the USG is in Client Mode for extended authentication. Type the
password the USG sends to the remote IPSec router. The password can be 1-31 ASCII
characters. It is case-sensitive, but spaces are not allowed.
Retype to Type the exact same password again here to make sure an error was not made when
Confirm
typing it originally.
OK Click OK to save your settings and exit this screen.
Cancel Click Cancel to exit this screen without saving.
Chapter 21 IPSec VPN
USG20(W)-VPN Series User's Guide
353