ZyXEL Communications USG40 User Manual page 559

• A subnet or range remote policy
The following VPN Gateway rules configured on the ZyWALL/USG cannot be provisioned to the
IPSec VPN Client:
• IPv4 rules with IKEv2 version
• IPv4 rules with User-based PSK authentication
Note: You must enable IPv6 in System > IPv6 to activate IPv6 VPN tunneling rules.
In the ZyWALL/USG Quick Setup wizard, you can use the VPN Settings for Configuration
Provisioning wizard to create a VPN rule that will not violate these restrictions.
Figure 383 Configuration > VPN > IPSec VPN > Configuration Provisioning
Each field is discussed in the following table.
Table 214 Configuration > VPN > IPSec VPN > Configuration Provisioning
LABEL DESCRIPTION
Enable Select this for users to be able to retrieve VPN rule settings using the ZyWALL/USG IPSec
Configuration VPN client.
Provisioning
Client Choose how users should be authenticated. They can be authenticated using the local
Authentication database on the ZyWALL/USG or an external authentication database such as LDAP, Active
Method Directory or RADIUS. default is a method you configured in Object > Auth Method. You
may configure multiple methods there. If you choose the local database on the ZyWALL/
USG, then configure users using the Object > User/Group screen. If you choose LDAP,
Active Directory or RADIUS authentication servers, then configure users on the respective
server.
Configuration When you add or edit a configuration provisioning entry, you are allowed to set the VPN
Connection and Allowed User fields.
Duplicate entries are not allowed. You cannot select the same VPN Connection and
Allowed User pair in a new entry if the same pair exists in a previous entry.
You can bind different rules to the same user, but the ZyWALL/USG will only allow VPN rule
setting retrieval for the first match found.
Chapter 29 IPSec VPN
ZyWALL/USG Series User's Guide
559