Certificates; Vpn Gateway Summary - ZyXEL Communications ZyWALL 1050 User Manual

ZyWALL 1050 User's Guide
In extended authentication, one of the routers (the ZyWALL or the remote IPSec router)
provides a user name and password to the other router, which uses a local user database and/or
an external server to verify the user name and password. If the user name or password is
wrong, the routers do not establish an IKE SA.
You can set up the ZyWALL to provide a user name and password to the remote IPSec router,
or you can set up the ZyWALL to check a user name and password that is provided by the
remote IPSec router.
If you use extended authentication, it takes four more steps to establish an IKE SA. These
steps occur at the end, regardless of the negotiation mode (steps 7-10 in main mode, steps 4-7
in aggressive mode).

12.4.2.4 Certificates

It is possible for the ZyWALL and remote IPSec router to authenticate each other with
certificates. In this case, you do not have to set up the pre-shared key, local identity, or remote
identity because the certificates provide this information instead.
• Instead of using the pre-shared key, the ZyWALL and remote IPSec router check the
signatures on each other's certificates. Unlike pre-shared keys, the signatures do not have
to match.
• The local and peer ID type and content come from the certificates.
Note: You must set up the certificates for the ZyWALL and remote IPSec router first.

12.4.3 VPN Gateway Summary

The VPN Gateway summary screen displays the VPN gateways in the ZyWALL, as well as
the ZyWALL's address, remote IPSec router's address, and associated VPN connections for
each one. In addition, it also lets you activate and deactivate each VPN gateway.
To access this screen, click Configuration > Network > IPSec VPN > VPN Gateway. The
following screen appears.
244 Chapter 12 IPSec VPN