Table of Contents
Advertisement
In IPSec SAs using manual keys, the ZyXEL Device and remote IPSec router do not establish
an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has
some characteristics of IKE SAs and some characteristics of IPSec SAs. There are also some
differences between IPSec SAs using manual keys and other types of SAs.
11.1.4.1.1 IPSec SA Proposal using Manual Keys
In IPSec SAs using manual keys, you can only specify one encryption algorithm and one
authentication algorithm. You cannot specify several proposals. There is no DH key exchange,
so you have to provide the encryption key and the authentication key the ZyXEL Device and
remote IPSec router use.
The ZyXEL Device and remote IPSec router must use the same encryption
key and authentication key.
11.1.4.1.2 Authentication and the Security Parameter Index (SPI)
In IPSec SAs using manual keys, the ZyXEL Device and remote IPSec router use the SPI,
instead of pre-shared keys, ID type and ID content, for authentication. The SPI is an arbitrary
number that is used to help identify the IPSec SA.
The ZyXEL Device and remote IPSec router must use the same SPI.
11.2 VPN Setup Screen
Click Security and VPN to open the VPN Setup screen. This is a read-only menu of your
IPSec rules (tunnels). The IPSec summary menu is read-only. Edit a VPN by selecting an
index number and then configuring its associated submenus.
P-793H User's Guide
Chapter 11 IPSec VPN
161
Advertisement
Table of Contents
Troubleshooting
