What You Need To Know About Ipsec Vpn; Ike Sa (Ike Phase 1) Overview; Figure 103 Vpn: Ike Sa And Ipsec Sa - ZyXEL Communications X550N - V3.60 User Manual

X550n series wireless n gigabit router

Hide thumbs

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

Table of Contents

Chapter 15 IPSec VPN

15.1.2 What You Need To Know About IPSec VPN

A VPN tunnel is usually established in two phases. Each phase establishes a security

association (SA), a contract indicating what security parameters the X550N and the remote

IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between

the X550N and remote IPSec router. The second phase uses the IKE SA to securely establish

an IPSec SA through which the X550N and remote IPSec router can send data between

computers on the local network and remote network. The following figure illustrates this.

Figure 103 VPN: IKE SA and IPSec SA

In this example, a computer in network A is exchanging data with a computer in network B.

Inside networks A and B, the data is transmitted the same way data is normally transmitted in

the networks. Between routers X and Y, the data is protected by tunneling, encryption,

authentication, and other security features of the IPSec SA. The IPSec SA is established

securely using the IKE SA that routers X and Y established first.

15.1.3 IKE SA (IKE Phase 1) Overview

The IKE SA provides a secure connection between the X550N and remote IPSec router.

It takes several steps to establish an IKE SA. The negotiation mode determines the number of

steps to use. There are two negotiation modes--main mode and aggressive mode. Main mode

provides better security, while aggressive mode is faster.

Note: Both routers must use the same negotiation mode.

These modes are discussed in more detail in

used in various examples in the rest of this section.

15.1.3.1 IP Addresses of the X550N and Remote IPSec Router

In the X550N, you have to specify the IP addresses of the X550N and the remote IPSec router

to establish an IKE SA.

You can usually provide a static IP address or a domain name for the X550N. Sometimes, your

X550N might also offer another alternative, such as using the IP address of a port or interface.

166

Negotiation Mode on page

X550N Series User's Guide

187. Main mode is

Table of Contents

Troubleshooting

This manual is also suitable for:

X550n X550nh

What You Need To Know About Ipsec Vpn; Ike Sa (Ike Phase 1) Overview; Figure 103 Vpn: Ike Sa And Ipsec Sa - ZyXEL Communications X550N - V3.60 User Manual

15.1.2 What You Need To Know About IPSec VPN

Figure 103 VPN: IKE SA and IPSec SA

15.1.3 IKE SA (IKE Phase 1) Overview

Troubleshooting

Related Manuals for ZyXEL Communications X550N - V3.60

Related Content for ZyXEL Communications X550N - V3.60

This manual is also suitable for:

Table of Contents