ZyXEL Communications Vantage CNM User Manual page 194
Centralized network management
Hide thumbs
Also See for Vantage CNM:
- User manual (433 pages) ,
- Quick start manual (36 pages) ,
- User manual (703 pages)
Table of Contents
Advertisement
Vantage CNM User's Guide
Table 69 Configuration > VPN > IKE Policy (continued)
LABEL
Pre-Shared Key
Certificate
Local ID Type
Content
193
DESCRIPTION
Select the Pre-Shared Key radio button and type your pre-shared key in this
field. A pre-shared key identifies a communicating party during a phase 1 IKE
negotiation. It is called "pre-shared" because you have to share it with another
party before you can communicate with them over a secure connection.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62
hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key
with a "0x (zero x), which is not counted as part of the 16 to 62 character range
for the key. For example, in "0x0123456789ABCDEF", 0x denotes that the key
is hexadecimal and 0123456789ABCDEF is the key itself.
Both ends of the VPN tunnel must use the same pre-shared key. You will
receive a PYLD_MALFORMED (payload malformed) packet if the same pre-
shared key is not used on both ends.
Select the Certificate radio button to identify the ZyWALL by a certificate.
Use the drop-down list box to select the certificate to use for this VPN tunnel.
You must have certificates already configured in the My Certificates screen.
Click My Certificates to go to the My Certificates screen where you can view
the ZyWALL's list of certificates.
Select IP to identify this ZyWALL by its IP address.
Select DNS to identify this ZyWALL by a domain name.
Select E-mail to identify this ZyWALL by an e-mail address.
You do not configure the local ID type and content when you set
Authentication Key to Certificate. The ZyWALL takes them from the
certificate you select.
When you select IP in the Local ID Type field, type the IP address of your
computer in the local Content field. The ZyWALL automatically uses the IP
address in the My ZyWALL field (refer to the My ZyWALL field description) if
you configure the local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local
Content field or use the DNS or E-mail ID type in the following situations.
•
When there is a NAT router between the two IPSec routers.
•
When you want the remote IPSec router to be able to distinguish between
VPN connection requests that come in from IPSec routers with dynamic
WAN IP addresses.
When you select DNS or E-mail in the Local ID Type field, type a domain
name or e-mail address by which to identify this ZyWALL in the local Content
field. Use up to 31 ASCII characters including spaces, although trailing spaces
are truncated. The domain name or e-mail address is for identification
purposes only and can be any string.
Chapter 11 Configuration > VPN
Advertisement
Table of Contents
