ZyXEL Communications USG40 User Manual page 142

Figure 115 VPN Advanced Wizard: Scenario
IKE (Internet Key Exchange) Version: IKEv1 and IKEv2
IKE (Internet Key Exchange) is a protocol used in security associations to send data securely. IKE
uses certificates or pre-shared keys for authentication and a Diffie–Hellman key exchange to set up
a shared session secret from which encryption keys are derived.
IKEv2 supports Extended Authentication Protocol (EAP) authentication, and IKEv1 supports X-Auth.
EAP is important when connecting to existing enterprise authentication systems.
Scenario
Rule Name: Type the name used to identify this VPN connection (and VPN gateway). You may use
1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a
number. This value is case-sensitive.
Select the scenario that best describes your intended VPN connection. The figure on the left of the
screen changes to match the scenario you select.
• Site-to-site - The remote IPSec device has a static IP address or a domain name. This ZyWALL/
USG can initiate the VPN tunnel.
• Site-to-site with Dynamic Peer - The remote IPSec device has a dynamic IP address. Only the
remote IPSec device can initiate the VPN tunnel.
• Remote Access (Server Role) - Allow incoming connections from IPSec VPN clients. The
clients have dynamic IP addresses and are also known as dial-in users. Only the clients can
initiate the VPN tunnel.
Chapter 5 Quick Setup Wizards
ZyWALL/USG Series User's Guide
142