Ipsec Vpn Background Information - ZyXEL Communications ISG50-ISDN User Manual

Chapter 24 IPSec VPN
Table 126 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued)
LABEL
Enable Extended
Authentication
Server Mode
Client Mode
User Name
Password
OK
Cancel

24.4 IPSec VPN Background Information

Here is some more detailed IPSec VPN background information.
IKE SA Overview
The IKE SA provides a secure connection between the ISG50 and remote IPSec router.
It takes several steps to establish an IKE SA. The negotiation mode determines how many. There
are two negotiation modes--main mode and aggressive mode. Main mode provides better security,
while aggressive mode is faster.
Note: Both routers must use the same negotiation mode.
These modes are discussed in more detail in
various examples in the rest of this section.
IP Addresses of the ISG50 and Remote IPSec Router
To set up an IKE SA, you have to specify the IP addresses of the ISG50 and remote IPSec router.
You can usually enter a static IP address or a domain name for either or both IP addresses.
Sometimes, your ISG50 might offer another alternative, such as using the IP address of a port or
interface, as well.
You can also specify the IP address of the remote IPSec router as 0.0.0.0. This means that the
remote IPSec router can have any IP address. In this case, only the remote IPSec router can initiate
an IKE SA because the ISG50 does not know the IP address of the remote IPSec router. This is
often used for telecommuters.
386
DESCRIPTION
Select this if one of the routers (the ISG50 or the remote IPSec router)
verifies a user name and password from the other router using the local user
database and/or an external server.
Select this if the ISG50 authenticates the user name and password from the
remote IPSec router. You also have to select the authentication method,
which specifies how the ISG50 authenticates this information.
Select this radio button if the ISG50 provides a username and password to
the remote IPSec router for authentication. You also have to provide the
User Name and the Password.
This field is required if the ISG50 is in Client Mode for extended
authentication. Type the user name the ISG50 sends to the remote IPSec
router. The user name can be 1-31 ASCII characters. It is case-sensitive, but
spaces are not allowed.
This field is required if the ISG50 is in Client Mode for extended
authentication. Type the password the ISG50 sends to the remote IPSec
router. The password can be 1-31 ASCII characters. It is case-sensitive, but
spaces are not allowed.
Click OK to save your settings and exit this screen.
Click Cancel to exit this screen without saving.
Negotiation Mode on page 389. Main mode is used in
ISG50 User's Guide