Table of Contents
Advertisement
Chapter 4 Create Secure Connections Across the Internet
19 Access a server or other network resource behind the ZyWALL to make sure your access works.
4.6.7 What Can Go Wrong
The IPSec VPN connection must:
• Be enabled
• Use transport mode
• Not be a manual key VPN connection
• Use Pre-Shared Key authentication
• Use a VPN gateway with the Secure Gateway set to 0.0.0.0 if you need to allow L2TP VPN
clients to connect from more than one IP address.
Disconnect any existing L2TP VPN sessions before modifying L2TP VPN settings. The remote users
must make any needed matching configuration changes and re-establish the sessions using the
new settings.
4.7 One-Time Password Version 2 (OTPv2)
Two-factor authentication requires a user to provide two kinds of identification. Purchase the
ZyWALL OTPv2 One-Time Password System for strong two-factor authentication for Web
Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins. For each login a user
must use his ZyWALL OTPv2 token to generate a new OTP password and use it along with his
normal account user name and password (the second kind of identification). An attacker cannot re-
use an OTP password that was already used for login because it is no longer valid. The system
contains SafeWord 2008 authentication server software, hardware OTPv2 tokens, and software
OTPv2 tokens for Windows computers and Android and iOS mobile devices.
Figure 33 OTPv2 Example
Here is an overview of how to use OTP. See the ZyWALL OTPv2 support note for details.
90
*****
OTP PIN
SafeWord 2008
Authentication Server
File
Email
Server
Server
ZyWALL USG100-PLUS User's Guide
Web-based
Application
Hide quick links:
Advertisement
Table of Contents
