ZyXEL Communications ZyWALL USG 300 User Manual page 496
Unified security gateway
Hide thumbs
Also See for ZyWALL USG 300:
- User manual (1121 pages) ,
- Quick start manual (128 pages) ,
- Specifications (4 pages)
Table of Contents
Advertisement
Chapter 25 IPSec VPN
Table 131 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued)
LABEL
NAT Traversal
Dead Peer
Detection
(DPD)
More Settings/
Less Settings
Extended
Authentication
Enable Extended
Authentication
Server Mode
Client Mode
User Name
Password
OK
Cancel
496
DESCRIPTION
Select this if any of these conditions are satisfied.
•
This IKE SA might be used to negotiate IPSec SAs that use ESP as
the active protocol.
•
There are one or more NAT routers between the ZyWALL and
remote IPSec router, and these routers do not support IPSec
pass-thru or a similar feature.
The remote IPSec router must also enable NAT traversal, and the
NAT routers have to forward packets with UDP port 500 and UDP
4500 headers unchanged.
Select this check box if you want the ZyWALL to make sure the
remote IPSec router is there before it transmits data through the IKE
SA. The remote IPSec router must support DPD. If there has been no
traffic for at least 15 seconds, the ZyWALL sends a message to the
remote IPSec router. If the remote IPSec router responds, the
ZyWALL transmits the data. If the remote IPSec router does not
respond, the ZyWALL shuts down the IKE SA.
If the remote IPSec router does not support DPD, see if you can use
the VPN connection connectivity check (see
478).
Click this button to show or hide the Extended Authentication
fields.
When multiple IPSec routers use the same VPN tunnel to connect to
a single VPN tunnel (telecommuters sharing a tunnel for example),
use extended authentication to enforce a user name and password
check. This way even though they all know the VPN tunnel's security
settings, each still has to provide a unique user name and password.
Select this if one of the routers (the ZyWALL or the remote IPSec
router) verifies a user name and password from the other router
using the local user database and/or an external server.
Select this if the ZyWALL authenticates the user name and password
from the remote IPSec router. You also have to select the
authentication method, which specifies how the ZyWALL
authenticates this information.
Select this radio button if the ZyWALL provides a username and
password to the remote IPSec router for authentication. You also
have to provide the User Name and the Password.
This field is required if the ZyWALL is in Client Mode for extended
authentication. Type the user name the ZyWALL sends to the remote
IPSec router. The user name can be 1-31 ASCII characters. It is
case-sensitive, but spaces are not allowed.
This field is required if the ZyWALL is in Client Mode for extended
authentication. Type the password the ZyWALL sends to the remote
IPSec router. The password can be 1-31 ASCII characters. It is case-
sensitive, but spaces are not allowed.
Click OK to save your settings and exit this screen.
Click Cancel to exit this screen without saving.
Section 25.2.1 on page
ZyWALL USG 300 User's Guide
- Quick Links:
- Web Configurator
- Quick Setup
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
