ZyXEL Communications USG40 User Manual page 360

Table 146 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit (continued)
LABEL DESCRIPTION
X Auth / Extended This part of the screen displays X-Auth when using IKEv1 and Extended
Authentication Authentication Protocol when using IKEv2.
Protocol
X-Auth This displays when using IKEv1. When different users use the same VPN tunnel to
connect to the ZyWALL/USG (telecommuters sharing a tunnel for example), use X-auth
to enforce a user name and password check. This way even though telecommuters all
know the VPN tunnel's security settings, each still has to provide a unique user name
and password.
Enable Extended Select this if one of the routers (the ZyWALL/USG or the remote IPSec router) verifies a
Authentication
user name and password from the other router using the local user database and/or an
external server.
Server Mode Select this if the ZyWALL/USG authenticates the user name and password from the
remote IPSec router. You also have to select the authentication method, which specifies
how the ZyWALL/USG authenticates this information.
Client Mode Select this radio button if the ZyWALL/USG provides a username and password to the
remote IPSec router for authentication. You also have to provide the User Name and
the Password.
User Name This field is required if the ZyWALL/USG is in Client Mode for extended authentication.
Type the user name the ZyWALL/USG sends to the remote IPSec router. The user name
can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.
Password This field is required if the ZyWALL/USG is in Client Mode for extended authentication.
Type the password the ZyWALL/USG sends to the remote IPSec router. The password
can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.
Retype to Type the exact same password again here to make sure an error was not made when
Confirm
typing it originally.
Extended This displays when using IKEv2. EAP uses a certificate for authentication.
Authentication
Protocol
Enable Extended Select this if one of the routers (the ZyWALL/USG or the remote IPSec router) verifies a
Authentication
user name and password from the other router using the local user database and/or an
external server or a certificate.
Server Mode Select this if the ZyWALL/USG authenticates the user name and password from the
remote IPSec router. You also have to select an AAA method, which specifies how the
ZyWALL/USG authenticates this information and who may be authenticated (Allowed
User).
Client Mode Select this radio button if the ZyWALL/USG provides a username and password to the
remote IPSec router for authentication. You also have to provide the User Name and
the Password.
User Name This field is required if the ZyWALL/USG is in Client Mode for extended authentication.
Type the user name the ZyWALL/USG sends to the remote IPSec router. The user name
can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.
Password This field is required if the ZyWALL/USG is in Client Mode for extended authentication.
Type the password the ZyWALL/USG sends to the remote IPSec router. The password
can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.
Retype to Type the exact same password again here to make sure an error was not made when
Confirm
typing it originally.
OK Click OK to save your settings and exit this screen.
Cancel Click Cancel to exit this screen without saving.
Chapter 19 IPSec VPN
ZyWALL/USG Series User's Guide
360