ZyXEL Communications SBG5500 Series User Manual page 168

Chapter 10 VPN

Table 72 VPN Gateway: Add/Edit

LABEL: Pre-Shared Key
DESCRIPTION:
Select this to have the SBG and remote IPsec router use a pre-shared key (password) to identify each other when they negotiate the IKE SA. Type the pre-shared key in the field to the right. The pre-shared key can be
• 8 - 32 keyboard characters except (=) equals sign, (-) dash, (/) slash, (\) backslash, or (", ') quotation marks.
• 8 - 32 pairs of hexadecimal (0-9, A-F) characters, preceded by "0x".
If you want to enter the key in hexadecimal, type "0x" at the beginning of the key. For example, "0x0123456789ABCDEF" is in hexadecimal format; "0123456789ABCDEF" is in ASCII format. If you use hexadecimal, you must enter twice as many characters since you need to enter pairs.
The SBG and remote IPsec router must use the same pre-shared key.
Select unmasked to see the pre-shared key in readable plain text.
Note: All remote access application scenarios of IPsec rules must use the same pre-shared key.

LABEL: Certificate
DESCRIPTION:
In order to use Certificate for IPsec authentication, you need to add new host certificates in the Firewall / Security > Certificate screen.
Select this to have the SBG and remote IPsec router use certificates to authenticate each other when they negotiate the IKE SA. Then select the certificate the SBG uses to identify itself to the remote IPsec router.
This certificate is one of the certificates in Certificate. If this certificate is self-signed, import it into the remote IPsec router. If this certificate is signed by a CA, the remote IPsec router must trust that CA.
Note: The IPsec routers must trust each other's certificates.
The SBG uses one of its Trusted CAs to authenticate the remote IPsec router's certificate. The trusted certificate can be a self-signed certificate or that of a trusted CA that signed the remote IPsec router's certificate.

LABEL: Advance

LABEL: Local ID Type
DESCRIPTION:
This field is read-only if the SBG and remote IPsec router use certificates to identify each other. Select which type of identification is used to identify the SBG during authentication. Choices are:
• IPv4 - the SBG is identified by an IP address.
• DNS - the SBG is identified by a domain name.
• Email Address - the SBG is identified by the string specified in the Content field.
• My Address - the SBG is identified by the IP address specified in the My Address field.
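
The pre-shared key format from the Pre-Shared Key row, as an added example that is not part of the Zyxel manual or firmware: it checks an entry against the stated rules before it is typed into both routers and generates a random key at the maximum hexadecimal length. The function names are hypothetical, and two points are assumptions: "keyboard characters" is taken as printable ASCII without spaces, and a hexadecimal entry is taken to decode to raw key bytes.

```python
import re
import secrets

# Characters the manual excludes from an ASCII pre-shared key.
FORBIDDEN = set('=-/\\"\'')
# Assumption: "keyboard characters" means printable ASCII without spaces.
ALLOWED = {chr(c) for c in range(0x21, 0x7F)} - FORBIDDEN
# "0x" followed by 8 - 32 pairs of 0-9 / A-F, exactly as the manual states.
HEX_KEY = re.compile(r"0x((?:[0-9A-F]{2}){8,32})")


def parse_psk(text):
    """Return (format, key_bytes) for a valid entry, else raise ValueError."""
    if text.startswith("0x"):
        # A leading "0x" selects hexadecimal format, so it must parse as hex.
        m = HEX_KEY.fullmatch(text)
        if not m:
            raise ValueError("hex key needs 8-32 pairs of 0-9/A-F after 0x")
        # Assumption: each hex pair is one raw key byte.
        return "hex", bytes.fromhex(m.group(1))
    if not 8 <= len(text) <= 32:
        raise ValueError("ASCII key must be 8-32 characters")
    bad = sorted(set(text) - ALLOWED)
    if bad:
        raise ValueError(f"characters not allowed: {bad}")
    return "ascii", text.encode("ascii")


def generate_psk(pairs=32):
    """Random hexadecimal-format key; 32 pairs is the longest the field accepts."""
    if not 8 <= pairs <= 32:
        raise ValueError("pairs must be 8-32")
    return "0x" + secrets.token_bytes(pairs).hex().upper()


def same_key(a, b):
    """True when two entries decode to the same key bytes."""
    return secrets.compare_digest(parse_psk(a)[1], parse_psk(b)[1])


if __name__ == "__main__":
    # The manual's two sample strings: same digits, different keys.
    for entry in ("0x0123456789ABCDEF", "0123456789ABCDEF"):
        fmt, key = parse_psk(entry)
        print(f"{entry!r}: {fmt}, {len(key)} key bytes")
    print("generated:", generate_psk())
```
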
SBG5500/3310 Series User's Guide