ZyXEL – USG Application Notes
Scenario 5 — Connect to USG using IPSec
IKEv2 in Windows 7
5.1 Application Scenario
WAN
Lan
usg210.dyndns-ip.com
192.168.100.1/24
INTERNET
192.168.100.0/24
Windows 7 supports IPSec IKEv2 with certificate authentication.
This section provides information on how to configure the IKEv2 (Internet Key Exchange)
on a Windows 7 PC via certificates.
5.2 Configuration Guide
Network Conditions:
USG 210:
- WAN1 IP: usg210.dyndns-ip.com
- Local subnet: 192.168.100.0/24
USG-210 VPN Conditions:
Phase 1:
- Authentication Method: Certificate
- Local /Peer ID type: DNS / Any
- Encryption and Authentication Algorithm:
3DES/SHA1, AES128/MD5, AES128/SHA1
- Key Group: DH2
Goal to achieve:
Establish an IPSec VPN tunnel from Windows 7 using IKEv2 protocol.
Step 1. Go to CONFIGURATION > Object > Certificate > My Certificates tab to add a new
certificate for Windows clients.
25