What You Need To Know About Ipsec Vpn; Figure 206 Vpn: Ike Sa And Ipsec Sa - ZyXEL Communications 5 Series User Manual

Internet security appliance

Chapter 19 IPSec VPN
• Use the VPN Global Setting screen (see Section 19.10 on page 379) to change settings
that apply to all of your VPN tunnels.

19.1.2 What You Need to Know About IPSec VPN

An IPSec VPN tunnel is usually established in two phases. Each phase establishes a security
association (SA), a contract indicating what security parameters the ZyWALL and the remote
IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between
the ZyWALL and remote IPSec router. The second phase uses the IKE SA to securely
establish an IPSec SA through which the ZyWALL and remote IPSec router can send data
between computers on the local network and remote network. This is illustrated in the
following figure.

Figure 206 VPN: IKE SA and IPSec SA

In this example, a computer in network A is exchanging data with a computer in network B.
Inside networks A and B, the data is transmitted the same way data is normally transmitted in
the networks. Between routers X and Y, the data is protected by tunneling, encryption,
authentication, and other security features of the IPSec SA. The IPSec SA is established
securely using the IKE SA that routers X and Y established first.

Gateway and Network Policies

A VPN (Virtual Private Network) tunnel gives you a secure connection to another computer or
network.
• A gateway policy contains the IKE SA settings. It identifies the IPSec routers at either end
of a VPN tunnel. The IKE SA provides a secure connection between the ZyWALL and
remote IPSec router.
• A network policy contains the IPSec SA settings. It specifies which devices (behind the
IPSec routers) can use the VPN tunnel.
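
The following is an added example, not taken from the ZyWALL manual or firmware: a small Python check that compares the gateway and network policies configured on both ends of a tunnel and reports which phase would fail. The field names, the pre-shared key, the proposal tuples and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class GatewayPolicy:           # IKE SA (phase 1) settings; field names are hypothetical
    my_addr: str
    peer_addr: str
    pre_shared_key: str        # assumption: peers authenticate with a pre-shared key
    proposal: tuple            # (encryption, authentication, key group)

@dataclass(frozen=True)
class NetworkPolicy:           # IPSec SA (phase 2) settings; field names are hypothetical
    local_net: str
    remote_net: str
    proposal: tuple            # (protocol, encryption, authentication)

def check_tunnel(gw_x, net_x, gw_y, net_y):
    """Return [(phase, problem), ...]; an empty list means both SAs can be set up."""
    problems = []
    # Phase 1: the gateway policies must identify each other and agree on parameters.
    if (gw_x.peer_addr, gw_x.my_addr) != (gw_y.my_addr, gw_y.peer_addr):
        problems.append(("IKE SA", "gateway addresses do not point at each other"))
    if gw_x.pre_shared_key != gw_y.pre_shared_key:
        problems.append(("IKE SA", "pre-shared keys differ"))
    if gw_x.proposal != gw_y.proposal:
        problems.append(("IKE SA", "proposals differ"))
    if problems:
        return problems        # the IPSec SA is negotiated over the IKE SA, so stop here
    # Phase 2: each side's local network must be the other side's remote network.
    mine = (ip_network(net_x.local_net), ip_network(net_x.remote_net))
    theirs = (ip_network(net_y.remote_net), ip_network(net_y.local_net))
    if mine != theirs:
        problems.append(("IPSec SA", "local/remote networks are not mirror images"))
    if net_x.proposal != net_y.proposal:
        problems.append(("IPSec SA", "proposals differ"))
    return problems

# Constructed sample: router X protects network A, router Y protects network B.
GW_X = GatewayPolicy("203.0.113.1", "198.51.100.1", "example-key", ("AES", "SHA-256", "DH14"))
GW_Y = GatewayPolicy("198.51.100.1", "203.0.113.1", "example-key", ("AES", "SHA-256", "DH14"))
NET_X = NetworkPolicy("192.168.1.0/24", "192.168.2.0/24", ("ESP", "AES", "SHA-256"))
NET_Y = NetworkPolicy("192.168.2.0/24", "192.168.1.0/24", ("ESP", "AES", "SHA-256"))

if __name__ == "__main__":
    print(check_tunnel(GW_X, NET_X, GW_Y, NET_Y))
```

A phase 1 problem hides any phase 2 problem, which is why a tunnel that fails is debugged from the gateway policy first.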
ZyWALL 5/35/70 Series User's Guide
