Table 57 SECURITY > VPN > VPN Rules (IKE) (continued)
LABEL
Network Policies
Local
Network
Remote
Network
Recycle Bin
13.3 IKE SA Setup
This section provides more details about IKE SAs.
13.3.1 IKE SA Proposal
The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm,
and Diffie-Hellman (DH) key group that the ZyWALL and remote IPSec router use in the IKE
SA. In main mode, this is done in steps 1 and 2, as illustrated below.
Figure 130 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal
ZyWALL P1 User's Guide
DESCRIPTION
Click this icon to add a VPN network policy.
The subsequent rows in a VPN rule are network policies. A network policy
identifies the devices behind the IPSec routers at either end of a VPN tunnel
and specifies the authentication, encryption and other settings needed to
negotiate a phase 2 IPSec SA.
This is the network behind the ZyWALL. A network policy specifies which
devices (behind the IPSec routers) can use the VPN tunnel.
This is the remote network behind the remote IPsec router.
Click this icon to display a screen in which you can associate a network policy
to a gateway policy.
Click this icon to display a screen in which you can change the settings of a
gateway or network policy.
Click this icon to delete a gateway or network policy. If you delete a gateway
policy, the ZyWALL automatically moves the associated network policy(ies) to
the recycle bin.
Click this icon to establish a VPN connection to a remote network.
This indicates that a network policy is not active.
The recycle bin holds any network policies without an associated gateway
policy.
Chapter 13 IPSec VPN
205