Ipsec Vpn Background Information - ZyXEL Communications ZyWall USG20-VPN User Manual

Table 140 Configuration > VPN > IPSec VPN > Configuration Provisioning (continued)
LABEL
Add
Edit
Remove
Activate
Inactivate
Move
Status
Priority
VPN Connection
Allowed User
Apply
Reset

21.6 IPSec VPN Background Information

Here is some more detailed IPSec VPN background information.
IKE SA Overview
The IKE SA provides a secure connection between the USG and remote IPSec router.
It takes several steps to establish an IKE SA. The negotiation mode determines how many. There
are two negotiation modes--main mode and aggressive mode. Main mode provides better security,
while aggressive mode is faster.
Note: Both routers must use the same negotiation mode.
These modes are discussed in more detail in
various examples in the rest of this section.
Chapter 21 IPSec VPN
DESCRIPTION
Click Add to bind a configured VPN rule to a user or group. Only that user or group may
then retrieve the specified VPN rule settings.
If you click Add without selecting an entry in advance then the new entry appears as the
first entry. Entry order is important as the USG searches entries in the order listed here to
find a match. After a match is found, the USG stops searching. If you want to add an entry
as number three for example, then first select entry 2 and click Add. To reorder an entry,
use Move.
Select an existing entry and click Edit to change its settings.
To remove an entry, select it and click Remove. The USG confirms you want to remove it
before doing so.
To turn on an entry, select it and click Activate. Make sure that Enable Configuration
Provisioning is also selected.
To turn off an entry, select it and click Inactivate.
Use Move to reorder a selected entry. Select an entry, click Move, type the number where
the entry should be moved, press <ENTER>, then click Apply.
This icon shows if the entry is active (yellow) or not (gray). VPN rule settings can only be
retrieved when the entry is activated (and Enable Configuration Provisioning is also
selected).
Priority shows the order of the entry in the list. Entry order is important as the USG
searches entries in the order listed here to find a match. After a match is found the USG
stops searching.
This field shows all configured VPN rules that match the rule criteria for the
client. Select a rule to bind to the associated user or group.
Select which user or group of users is allowed to retrieve the associated VPN rule settings
USG IPSec
using the VPN client. A user may belong to a number of groups. If entries are
configured for different groups, the USG will allow VPN rule setting retrieval based on the
first match found.
Users of type admin or limited-admin are not allowed.
Click Apply to save your changes back to the USG.
Click Reset to return the screen to its last-saved settings.
USG20(W)-VPN Series User's Guide
Negotiation Mode on page
358
USG IPSec
VPN
362. Main mode is used in