Ike Sa Setup; Ike Sa Proposal; Figure 173 Ike Sa: Main Negotiation Mode, Steps 1 - 2: Ike Sa Proposal - ZyXEL Communications ZyWall 5 Series User Manual

Internet security appliance

Hide thumbs Also See for ZyWall 5 Series:

Table of Contents

Table 92 SECURITY > VPN > VPN Rules (IKE) (continued)

18.3 IKE SA Setup

This section provides more details about IKE SAs.

The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm,

and Diffie-Hellman (DH) key group that the ZyWALL and remote IPSec router use in the IKE

SA. In main mode, this is done in steps 1 and 2, as illustrated below.

The ZyWALL sends one or more proposals to the remote IPSec router. (In some devices, you

can set up only one proposal.) Each proposal consists of an encryption algorithm,

authentication algorithm, and DH key group that the ZyWALL wants to use in the IKE SA.

The remote IPSec router selects an acceptable proposal and sends the accepted proposal back

to the ZyWALL. If the remote IPSec router rejects all of the proposals (for example, if the

VPN tunnel is not configured correctly), the ZyWALL and remote IPSec router cannot

establish an IKE SA.

Note: Both routers must use the same encryption algorithm, authentication algorithm,

and DH key group.

Chapter 18 IPSec VPN

This is the remote network behind the remote IPsec router.

Click this icon to display a screen in which you can associate a network policy

to a gateway policy.

Click this icon to display a screen in which you can change the settings of a

gateway or network policy.

Click this icon to delete a gateway or network policy. The ZyWALL

automatically moves the associated network policy(ies) to the recycle bin.

Click this icon to establish a VPN connection to a remote network.

This indicates that a network policy is not active.

The recycle bin holds any network policies without an associated gateway

ZyWALL 5/35/70 Series User's Guide

Zywall 70 series Zywall 35 series