ZyXEL Communications Unified Security Gateway ZyWALL 300 User Manual page 316
Unified security gateway
Hide thumbs
Also See for Unified Security Gateway ZyWALL 300:
- User manual (1156 pages) ,
- Quick start manual (128 pages) ,
- Specifications (4 pages)
Table of Contents
Advertisement
Chapter 20 IPSec VPN
Table 96 VPN > IPSec VPN > VPN Gateway > Edit (continued)
LABEL
Secure
Gateway
Address
Authentication
Method
Pre-Shared
Key
Certificate
Local ID Type
Content
316
DESCRIPTION
Type the IP address or the domain name of the remote IPSec router. Set this field
to 0.0.0.0 if the remote IPSec router has a dynamic IP address. You can provide
a second IP address or domain name. In this case, if the ZyWALL cannot
establish an IKE SA with the first one, it tries to establish an IKE SA with the
second one.
Note: The ZyWALL and remote IPSec router must use the same
authentication method to establish the IKE SA.
Select this if the ZyWALL and remote IPSec router do not use certificates to
identify each other when they negotiate the IKE SA. Then, type the pre-shared
key in the field to the right. The pre-shared key can be
•
8 - 32 alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-".
•
16 - 64 hexadecimal (0-9, A-F) characters, preceded by "0x".
If you want to enter the key in hexadecimal, type "0x" at the beginning of the key.
For example, "0x0123456789ABCDEF" is in hexadecimal format; in
"0123456789ABCDEF" is in ASCII format. If you use hexadecimal, you must
enter twice as many characters as listed above.
The ZyWALL and remote IPSec router must use the same pre-shared key.
Select this if the ZyWALL and remote IPSec router use certificates to identify
each other when they negotiate the IKE SA. Then, select the certificate the
remote IPSec router uses to identify the ZyWALL. This certificate is one of the
certificates in My Certificates.
Note: The ZyWALL must import the remote IPSec router's
certificate before it can establish the IKE SA.
The ZyWALL uses one of its Trusted Certificates to authenticate the remote
IPSec router. The trusted certificate can be a self-signed certificate or that of a
trusted CA that signed the remote IPSec router's certificate.
This field is read-only if the ZyWALL and remote IPSec router use certificates to
identify each other. Select which type of identification is used to identify the
ZyWALL during authentication. Choices are:
IP - the ZyWALL is identified by an IP address
DNS - the ZyWALL is identified by a domain name
E-mail - the ZyWALL is identified by an e-mail address
This field is read-only if the ZyWALL and remote IPSec router use certificates to
identify each other. Type the identity of the ZyWALL during authentication. The
identity depends on the Local ID Type.
IP - type an IP address; if you type 0.0.0.0, the ZyWALL uses the IP address
specified in the My Address field. This is not recommended in the following
situations:
•
There is a NAT router between the ZyWALL and remote IPSec router.
•
You want the remote IPSec router to be able to distinguish between IPSec SA
requests that come from IPSec routers with dynamic WAN IP addresses.
In these situations, use a different IP address, or use a different Local ID Type.
DNS - type the domain name; you can use up to 31 ASCII characters including
spaces, although trailing spaces are truncated. This value is only used for
identification and can be any string.
E-mail - the ZyWALL is identified by an e-mail address; you can use up to 31
ASCII characters including spaces, although trailing spaces are truncated. This
value is only used for identification and can be any string.
ZyWALL USG 300 User's Guide
Advertisement
Table of Contents
Troubleshooting
