ZyXEL Communications USG40 User Manual page 358


Chapter 19 IPSec VPN

Table 146 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit (continued)

LABEL
DESCRIPTION

Peer ID Type
Select which type of identification is used to identify the remote IPSec router during authentication. Choices are:
IP - the remote IPSec router is identified by an IP address
DNS - the remote IPSec router is identified by a domain name
E-mail - the remote IPSec router is identified by the string specified in this field
Any - the ZyWALL/USG does not check the identity of the remote IPSec router
If the ZyWALL/USG and remote IPSec router use certificates, there is one more choice.
Subject Name - the remote IPSec router is identified by the subject name in the certificate

Content
This field is disabled if the Peer ID Type is Any. Type the identity of the remote IPSec router during authentication. The identity depends on the Peer ID Type.
If the ZyWALL/USG and remote IPSec router do not use certificates,
IP - type an IP address; see the note at the end of this description.
DNS - type the fully qualified domain name (FQDN). This value is only used for identification and can be any string that matches the peer ID string.
E-mail - the remote IPSec router is identified by the string you specify here; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.
If the ZyWALL/USG and remote IPSec router use certificates, type the following fields from the certificate used by the remote IPSec router.
IP - subject alternative name field; see the note at the end of this description.
DNS - subject alternative name field
E-mail - subject alternative name field
Subject Name - subject name (maximum 255 ASCII characters, including spaces)
Note: If Peer ID Type is IP, please read the rest of this section.
If you type 0.0.0.0, the ZyWALL/USG uses the IP address specified in the Secure Gateway Address field. This is not recommended in the following situations:
There is a NAT router between the ZyWALL/USG and remote IPSec router.
You want the remote IPSec router to be able to distinguish between IPSec SA requests that come from IPSec routers with dynamic WAN IP addresses.
In these situations, use a different IP address, or use a different Peer ID Type.

Phase 1 Settings

SA Life Time (Seconds)
Type the maximum number of seconds the IKE SA can last. When this time has passed, the ZyWALL/USG and remote IPSec router have to update the encryption and authentication keys and re-negotiate the IKE SA. This does not affect any existing IPSec SAs, however.

Negotiation Mode
Select the negotiation mode to use to negotiate the IKE SA. Choices are:
Main - this encrypts the ZyWALL/USG's and remote IPSec router's identities but takes more time to establish the IKE SA
Aggressive - this is faster but does not encrypt the identities
The ZyWALL/USG and the remote IPSec router must use the same negotiation mode.

Proposal
Use this section to manage the encryption algorithm and authentication algorithm pairs the ZyWALL/USG accepts from the remote IPSec router for negotiating the IKE SA.
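
The Peer ID rules in this table, including the 0.0.0.0 fallback to the Secure Gateway Address and the situations where it is not recommended, written out as an added Python example (not ZyXEL code and not a ZyWALL/USG configuration format). The dict keys, including nat_between_peers and dynamic_wan_peers, are hypothetical names that mirror the table labels, and the sample gateway uses constructed documentation addresses.

```python
import ipaddress

# Constructed sample: the dict layout and key names are assumptions that mirror
# the table labels; this is not a ZyWALL/USG configuration format.
BRANCH = {"peer_id_type": "IP", "content": "0.0.0.0",
          "secure_gateway_address": "203.0.113.10",
          "nat_between_peers": True, "dynamic_wan_peers": False,
          "negotiation_mode": "Aggressive"}

def expected_peer_id(gw):
    """Return the (type, value) the gateway requires, or None if unchecked."""
    id_type, content = gw["peer_id_type"], gw.get("content", "")
    if id_type == "Any":
        return None  # identity of the remote IPSec router is not checked
    if id_type == "IP":
        if content == "0.0.0.0":  # fallback described in the note
            content = gw["secure_gateway_address"]
        content = str(ipaddress.ip_address(content))  # reject malformed input
    elif id_type == "E-mail":
        content = content.rstrip(" ")  # trailing spaces are truncated
    return (id_type, content)

def peer_id_matches(gw, presented_type, presented_value):
    """Compare the identity a peer presents with what the gateway expects."""
    expected = expected_peer_id(gw)
    return expected is None or expected == (presented_type, presented_value)

def audit(gw):
    """Flag settings the table marks as unchecked, unencrypted or not recommended."""
    findings = []
    if gw["peer_id_type"] == "Any":
        findings.append("Peer ID Type Any: remote identity is not checked")
    if (gw["peer_id_type"] == "IP" and gw.get("content") == "0.0.0.0"
            and (gw.get("nat_between_peers") or gw.get("dynamic_wan_peers"))):
        findings.append("Peer ID 0.0.0.0 behind NAT or with dynamic peers: "
                        "use a different IP address or Peer ID Type")
    if gw.get("negotiation_mode") == "Aggressive":
        findings.append("Aggressive mode: identities are not encrypted")
    return findings

if __name__ == "__main__":
    print(expected_peer_id(BRANCH))
    # Assumption: a peer behind NAT presents its private address as its ID.
    print(peer_id_matches(BRANCH, "IP", "192.168.1.33"))
    for finding in audit(BRANCH):
        print("WARN:", finding)
```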
ZyWALL/USG Series User's Guide
358
