Ike Phases; Figure 147 Two Phases To Set Up The Ipsec Sa; Table 98 Mismatching Id Type And Content Configuration Example - ZyXEL Communications Internet Security Appliance ZyWALL5UTM 4.0 User Manual

ZyWALL 5/35/70 Series User's Guide
Table 97 Matching ID Type and Content Configuration Example
ZYWALL A
Peer ID type: IP
Peer ID content: 1.1.1.2
The two ZyWALLs in this example cannot complete their negotiation because ZyWALL B's
Local ID type is IP, but ZyWALL A's Peer ID type is set to E-mail. An ID mismatched
message displays in the IPSec log.

Table 98 Mismatching ID Type and Content Configuration Example

ZYWALL A
Local ID type: IP
Local ID content: 1.1.1.10
Peer ID type: E-mail
Peer ID content: aa@yahoo.com

19.8 IKE Phases

There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1
(Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and
the second one uses that SA to negotiate SAs for IPSec.

Figure 147 Two Phases to Set Up the IPSec SA

In phase 1 you must:
• Choose a negotiation mode.
• Authenticate the connection by entering a pre-shared key.
• Choose an encryption algorithm.
309
ZYWALL B
Peer ID type: E-mail
Peer ID content: tom@yourcompany.com
ZYWALL B
Local ID type: IP
Local ID content: 1.1.1.10
Peer ID type: IP
Peer ID content: N/A
Chapter 19 VPN Screens