ZyXEL Communications ZYWALL 2 PLUS User Manual page 249
Internet security appliance
Hide thumbs
Also See for ZYWALL 2 PLUS:
- User manual (686 pages) ,
- Quick start manual (137 pages) ,
- Firmware release notes (43 pages)
Table of Contents
Advertisement
Table 65 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy (continued)
LABEL
Peer ID Type
Content
Extended
Authentication
Enable Extended
Authentication
ZyWALL 2 Plus User's Guide
DESCRIPTION
Select from the following when you set Authentication Key to Pre-shared Key.
Select IP to identify the remote IPSec router by its IP address.
Select DNS to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.
Select from the following when you set Authentication Key to Certificate.
Select IP to identify the remote IPSec router by the IP address in the subject
alternative name field of the certificate it uses for this VPN connection.
Select DNS to identify the remote IPSec router by the domain name in the subject
alternative name field of the certificate it uses for this VPN connection.
Select E-mail to identify the remote IPSec router by the e-mail address in the
subject alternative name field of the certificate it uses for this VPN connection.
Select Subject Name to identify the remote IPSec router by the subject name of
the certificate it uses for this VPN connection.
Select Any to have the ZyWALL not check the remote IPSec router's ID.
The configuration of the peer content depends on the peer ID type.
Do the following when you set Authentication Key to Pre-shared Key.
For IP, type the IP address of the computer with which you will make the VPN
connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyWALL will
use the address in the Remote Gateway Address field (refer to the Remote
Gateway Address field description).
For DNS or E-mail, type a domain name or e-mail address by which to identify
the remote IPSec router. Use up to 31 ASCII characters including spaces,
although trailing spaces are truncated. The domain name or e-mail address is for
identification purposes only and can be any string.
It is recommended that you type an IP address other than 0.0.0.0 or use the DNS
or E-mail ID type in the following situations:
1. When there is a NAT router between the two IPSec routers.
2. When you want the ZyWALL to distinguish between VPN connection requests
that come in from remote IPSec routers with dynamic WAN IP addresses.
Do the following when you set Authentication Key to Certificate.
1. For IP, type the IP address from the subject alternative name field of the
certificate the remote IPSec router will use for this VPN connection. If you
configure this field to 0.0.0.0 or leave it blank, the ZyWALL will use the address in
the Remote Gateway Address field (refer to the Remote Gateway Address
field description).
2. For DNS or E-mail, type the domain name or e-mail address from the subject
alternative name field of the certificate the remote IPSec router will use for this
VPN connection.
3. For Subject Name, type the subject name of the certificate the remote IPSec
router will use for this VPN connection. Use up to255 ASCII characters including
spaces.
4. For Any, the peer Content field is not available.
5. Regardless of how you configure the ID Type and Content fields, two active
IPSec SAs cannot have both the local and remote IP address ranges overlap
between rules.
Select this check box to activate extended authentication.
Chapter 14 IPSec VPN
249
Advertisement
Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications ZYWALL 2 PLUS
Related Products for ZyXEL Communications ZYWALL 2 PLUS
- ZyXEL Communications 2R-P1C
- ZyXEL Communications Prestige 2304R-P1
- ZyXEL Communications 802.11g ADSL 2+ 4-Port Security Gateway HW-D Series
- ZyXEL Communications Prestige 2302R Series
- ZyXEL Communications ZyXEL ZyWALL 2WE
- ZyXEL Communications PRESTIGE 2302RL -
- ZyXEL Communications ZYWALL 20W -
- ZyXEL Communications Prestige 2602HW-C Series