ZyXEL Communications ZyWall ATP series User Manual page 400

Table 158 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit (continued)
LABEL DESCRIPTION
X-Auth This displays when using IKEv1. When different users use the same VPN tunnel to connect to
the Zyxel Device (telecommuters sharing a tunnel for example), use X-auth to enforce a
user name and password check. This way even though telecommuters all know the VPN
tunnel's security settings, each still has to provide a unique user name and password.
Enable Extended Select this if one of the routers (the Zyxel Device or the remote IPSec router) verifies a user
Authentication
name and password from the other router using the local user database and/or an external
server.
Server Mode Select this if the Zyxel Device authenticates the user name and password from the remote
IPSec router. You also have to select the authentication method, which specifies how the
Zyxel Device authenticates this information.
AAA Method Select the authentication method, which specifies how the Zyxel Device authenticates this
information.
Allowed User Extended authentication now supports an allowed user. Select what users should be
authenticated.
Client Mode Select this radio button if the Zyxel Device provides a username and password to the
remote IPSec router for authentication. You also have to provide the User Name and the
Password.
User Name This field is required if the Zyxel Device is in Client Mode for extended authentication. Type
the user name the Zyxel Device sends to the remote IPSec router. The user name can be 1-
31 ASCII characters. It is case-sensitive, but spaces are not allowed.
Password This field is required if the Zyxel Device is in Client Mode for extended authentication. Type
the password the Zyxel Device sends to the remote IPSec router. The password can be 1-31
ASCII characters. It is case-sensitive, but spaces are not allowed.
Retype to Type the exact same password again here to make sure an error was not made when
Confirm
typing it originally.
Extended This displays when using IKEv2. EAP uses a certificate for authentication.
Authentication
Protocol
Enable Extended Select this if one of the routers (the Zyxel Device or the remote IPSec router) verifies a user
Authentication
name and password from the other router using the local user database and/or an external
Protocol
server or a certificate.
Allowed Auth This field displays the authentication method that is used to authenticate the users.
Method
Server Mode Select this if the Zyxel Device authenticates the user name and password from the remote
IPSec router. You also have to select an AAA method, which specifies how the Zyxel Device
authenticates this information and who may be authenticated (Allowed User).
Client Mode Select this radio button if the Zyxel Device provides a username and password to the
remote IPSec router for authentication. You also have to provide the User Name and the
Password.
User Name This field is required if the Zyxel Device is in Client Mode for extended authentication. Type
the user name the Zyxel Device sends to the remote IPSec router. The user name can be 1-
31 ASCII characters. It is case-sensitive, but spaces are not allowed.
Password This field is required if the Zyxel Device is in Client Mode for extended authentication. Type
the password the Zyxel Device sends to the remote IPSec router. The password can be 1-31
ASCII characters. It is case-sensitive, but spaces are not allowed.
Retype to Type the exact same password again here to make sure an error was not made when
Confirm
typing it originally.
OK Click OK to save your settings and exit this screen.
Cancel Click Cancel to exit this screen without saving.
Chapter 20 IPSec VPN
ZyWALL ATP Series User's Guide
400