Pre-Shared Key; Diffie-Hellman (DH) Key Groups - ZyXEL Communications SBG5500 Series User Manual

Section 10.6 on page 176). The ID type and content act as an extra level of identification for incoming SAs.

The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address.

Table 83 Local ID Type and Content Fields

LOCAL ID TYPE=   CONTENT=
IP               Type the IP address of your computer.
FQDN             Type a domain name (up to 31 characters) by which to identify this SBG.
User-FQDN        Type an e-mail address (up to 31 characters) by which to identify this SBG.
                 The domain name or e-mail address that you use in the Local ID Content field is used for identification purposes only and does not need to be a real domain name or e-mail address.

10.9.7.1 ID Type and Content Examples

Two IPsec routers must have matching ID type and content configuration in order to set up a VPN tunnel.

The two SBGs in this example can complete negotiation and establish a VPN tunnel.

Table 84 Matching ID Type and Content Configuration Example

SBG A                                     SBG B
Local ID type: User-FQDN                  Local ID type: IP
Local ID content: tom@yourcompany.com     Local ID content: 1.1.1.2
Remote ID type: IP                        Remote ID type: E-mail
Remote ID content: 1.1.1.2                Remote ID content: tom@yourcompany.com

The two SBGs in this example cannot complete their negotiation because SBG B's Local ID type is IP, but SBG A's Remote ID type is set to E-mail. An "ID mismatched" message displays in the IPSEC LOG.

Table 85 Mismatching ID Type and Content Configuration Example

SBG A                                     SBG B
Local ID type: IP                         Local ID type: IP
Local ID content: 1.1.1.10                Local ID content: 1.1.1.2
Remote ID type: User-FQDN                 Remote ID type: IP
Remote ID content: aa@yahoo.com           Remote ID content: 1.1.1.0

10.9.8 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 10.9.3 on page 188 for more on IKE phases). It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.

10.9.9 Diffie-Hellman (DH) Key Groups

Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit, 1024-bit, 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are

SBG5500/3310 Series User's Guide   Chapter 10 VPN   192
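The matching rule behind Tables 84 and 85 (each router's Local ID must equal what the other router expects as its Remote ID, type and content both) can be checked before a tunnel is brought up. The script below is an added example written for this page; it is not ZyXEL's firmware logic and the SBG does not ship it. It treats "E-mail" and "User-FQDN" as the same type because Table 84 pairs them and negotiates successfully (our reading of the manual), folds case for names and e-mail addresses (an assumption, since the manual says they are identifiers only), enforces the 31-character limit from Table 83, and runs both table configurations. Unlike the manual's explanation of Table 85, which cites only the type mismatch, it reports the IP content mismatch in the other direction as well. All names (PeerIdConfig, check_id_pair, TABLE_84, TABLE_85) are ours.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Local/Remote ID types as the SBG VPN screens name them. Table 84 pairs a
# "User-FQDN" Local ID with an "E-mail" Remote ID and the tunnel comes up, so
# the two labels are treated as one type here (our reading of the manual).
_ALIASES = {"E-MAIL": "USER-FQDN", "EMAIL": "USER-FQDN"}
MAX_NAME_LEN = 31  # FQDN / User-FQDN content limit from Table 83


def normalize_type(id_type: str) -> str:
    t = id_type.strip().upper()
    return _ALIASES.get(t, t)


@dataclass
class PeerIdConfig:
    """One router's four ID fields from the VPN rule screen."""
    name: str
    local_type: str
    local_content: str
    remote_type: str
    remote_content: str


def validate_local_id(cfg: PeerIdConfig) -> list:
    """Check a router's own Local ID fields against the rules in Table 83."""
    problems = []
    t = normalize_type(cfg.local_type)
    if t == "IP":
        try:
            ip_address(cfg.local_content)
        except ValueError:
            problems.append(f"{cfg.name}: Local ID type IP but content "
                            f"{cfg.local_content!r} is not an IP address")
    elif t in ("FQDN", "USER-FQDN"):
        if len(cfg.local_content) > MAX_NAME_LEN:
            problems.append(f"{cfg.name}: Local ID content longer than {MAX_NAME_LEN} characters")
        if t == "USER-FQDN" and "@" not in cfg.local_content:
            problems.append(f"{cfg.name}: User-FQDN content {cfg.local_content!r} "
                            f"is not an e-mail address")
    else:
        problems.append(f"{cfg.name}: unknown Local ID type {cfg.local_type!r}")
    return problems


def _same_content(id_type: str, x: str, y: str) -> bool:
    if id_type == "IP":
        try:
            return ip_address(x) == ip_address(y)
        except ValueError:
            return False
    # Domain names are case-insensitive; the manual says the name or e-mail is
    # only an identifier, so case is folded for User-FQDN too (an assumption).
    return x.strip().lower() == y.strip().lower()


def _check_direction(sender: PeerIdConfig, receiver: PeerIdConfig) -> list:
    """The ID the sender presents (its Local ID) must equal the receiver's Remote ID."""
    st, rt = normalize_type(sender.local_type), normalize_type(receiver.remote_type)
    if st != rt:
        return [f"ID mismatched: {sender.name} Local ID type is {sender.local_type}, "
                f"but {receiver.name} Remote ID type is {receiver.remote_type}"]
    if not _same_content(st, sender.local_content, receiver.remote_content):
        return [f"ID mismatched: {sender.name} Local ID content {sender.local_content!r} "
                f"differs from {receiver.name} Remote ID content {receiver.remote_content!r}"]
    return []


def check_id_pair(a: PeerIdConfig, b: PeerIdConfig) -> list:
    """Both directions must agree; an empty list means the IDs would not block phase 1."""
    return (validate_local_id(a) + validate_local_id(b)
            + _check_direction(a, b) + _check_direction(b, a))


# The two configurations from Tables 84 and 85 of the manual.
TABLE_84 = (PeerIdConfig("SBG A", "User-FQDN", "tom@yourcompany.com", "IP", "1.1.1.2"),
            PeerIdConfig("SBG B", "IP", "1.1.1.2", "E-mail", "tom@yourcompany.com"))
TABLE_85 = (PeerIdConfig("SBG A", "IP", "1.1.1.10", "User-FQDN", "aa@yahoo.com"),
            PeerIdConfig("SBG B", "IP", "1.1.1.2", "IP", "1.1.1.0"))

if __name__ == "__main__":
    for label, pair in (("Table 84", TABLE_84), ("Table 85", TABLE_85)):
        problems = check_id_pair(*pair)
        print(label, "OK" if not problems else "\n  ".join(["problems:"] + problems))
```

Running it prints "Table 84 OK" and two "ID mismatched" lines for Table 85, the same wording the manual says appears in the IPSEC LOG, so the check can be applied to both ends of a planned tunnel before the first negotiation attempt.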
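Section 10.9.9 describes DH only in outline (and the page cuts off mid-sentence), so here is an added, self-contained exchange showing what "establish a shared secret over an unsecured channel" means in a finite-field group like the MODP groups IKE uses. This is our illustration, not ZyXEL code and not the exact IKE key-derivation procedure: the group is a freshly generated 64-bit safe prime so the script runs instantly, whereas the page's groups are 768 to 3072 bits; the 2048-bit floor in group_strength is a value this example assumes as a sensible minimum, not a figure from the manual; and all names (gen_safe_prime, DhParty, dh_exchange) are ours.

```python
import random
import secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits: int) -> int:
    """Random safe prime p = 2q + 1 (q prime) of exactly `bits` bits, the shape of IKE's MODP groups."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1  # top bit set, odd
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def subgroup_generator(p: int) -> int:
    """Square a random element so g lies in the prime-order subgroup of size q = (p-1)/2."""
    while True:
        g = pow(secrets.randbelow(p - 3) + 2, 2, p)
        if g != 1:
            return g


class DhParty:
    """One side of the exchange: keeps its private exponent, publishes g^x mod p."""

    def __init__(self, p: int, g: int):
        self.p, self.g, self.q = p, g, (p - 1) // 2
        self.private = secrets.randbelow(self.q - 2) + 2  # 2 .. q-1, never sent
        self.public = pow(g, self.private, p)             # sent in the clear

    def shared_secret(self, peer_public: int) -> int:
        # Reject degenerate or out-of-subgroup values before exponentiating with them.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("peer public value out of range")
        if pow(peer_public, self.q, self.p) != 1:
            raise ValueError("peer public value is not in the prime-order subgroup")
        return pow(peer_public, self.private, self.p)


def dh_exchange(bits: int = 64):
    """Run a full exchange in a freshly generated group; returns (p, secret_a, secret_b)."""
    p = gen_safe_prime(bits)
    g = subgroup_generator(p)
    a, b = DhParty(p, g), DhParty(p, g)
    return p, a.shared_secret(b.public), b.shared_secret(a.public)


def group_strength(p: int, minimum_bits: int = 2048):
    """Report the group size in bits and whether it meets the floor this example assumes."""
    return p.bit_length(), p.bit_length() >= minimum_bits


if __name__ == "__main__":
    # 64 bits is a toy size chosen so the demo runs instantly; IKE groups are 768 to 3072 bits.
    p, sa, sb = dh_exchange(64)
    print("p bits:", p.bit_length(), "secrets agree:", sa == sb, "strength:", group_strength(p))
```

Only the public values cross the channel; each side combines the peer's public value with its own private exponent and both arrive at the same number, which IKE then feeds into session-key derivation. The subgroup check in shared_secret is the part worth copying into any real implementation, and group_strength is the kind of check to run against a VPN rule's configured DH group, since the shared secret is only as hard to recover as the group is large.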