ZyXEL Communications Unified Security Gateway ZyWALL 1000 User Manual page 317

ZyWALL USG 1000 User's Guide, Chapter 20 IPSec VPN, page 317

Table 96 VPN > IPSec VPN > VPN Gateway > Edit (continued)

LABEL
    DESCRIPTION

Peer ID Type
    Select which type of identification is used to identify the remote IPSec router during authentication. Choices are:
    IP - the remote IPSec router is identified by an IP address
    DNS - the remote IPSec router is identified by a domain name
    E-mail - the remote IPSec router is identified by an e-mail address
    Any - the ZyWALL does not check the identity of the remote IPSec router
    If the ZyWALL and remote IPSec router use certificates, there is one more choice.
    Subject Name - the remote IPSec router is identified by the subject name in the certificate

Content
    This field is disabled if the Peer ID Type is Any. Type the identity of the remote IPSec router during authentication. The identity depends on the Peer ID Type.
    If the ZyWALL and remote IPSec router do not use certificates,
    IP - type an IP address; see the note at the end of this description.
    DNS - type the domain name; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.
    E-mail - the ZyWALL is identified by an e-mail address; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.
    If the ZyWALL and remote IPSec router use certificates, type the following fields from the certificate used by the remote IPSec router.
    IP - subject alternative name field; see the note at the end of this description.
    DNS - subject alternative name field
    E-mail - subject alternative name field
    Subject Name - subject name (maximum 255 ASCII characters, including spaces)
    Note: If Peer ID Type is IP, please read the rest of this section.
    If you type 0.0.0.0, the ZyWALL uses the IP address specified in the Secure Gateway Address field. This is not recommended in the following situations:
    There is a NAT router between the ZyWALL and remote IPSec router.
    You want the remote IPSec router to be able to distinguish between IPSec SA requests that come from IPSec routers with dynamic WAN IP addresses.
    In these situations, use a different IP address, or use a different Peer ID Type.

Extended Authentication

Enable Extended Authentication
    Select this if one of the routers (the ZyWALL or the remote IPSec router) verifies a user name and password from the other router using the local user database and/or an external server.

Server Mode
    Select this if the ZyWALL authenticates the user name and password from the remote IPSec router. You also have to select the authentication method, which specifies how the ZyWALL authenticates this information.

Client Mode
    Select this radio button if the ZyWALL provides a username and password to the remote IPSec router for authentication. You also have to provide the User Name and the Password.

User Name
    This field is required if the ZyWALL is in Client Mode for extended authentication. Type the user name the ZyWALL sends to the remote IPSec router. The user name can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.

Password
    This field is required if the ZyWALL is in Client Mode for extended authentication. Type the password the ZyWALL sends to the remote IPSec router. The password can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.
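The field rules in this table can be checked before a gateway entry is applied. The following Python lint is an added example, not part of the ZyXEL manual; the dictionary keys (peer_id_type, content, uses_certificates, nat_between_peers, peer_must_distinguish_dynamic_ips, xauth_enabled, xauth_mode, xauth_user, xauth_password) are hypothetical names for this sketch, not ZyWALL configuration syntax.

```python
import ipaddress

# Keys are hypothetical names for this sketch, not ZyWALL configuration syntax.
def lint_gateway(cfg):
    """Return findings for one VPN gateway entry, using the rules in Table 96."""
    findings = []
    id_type = cfg.get("peer_id_type")
    content = cfg.get("content", "")
    certs = cfg.get("uses_certificates", False)
    if id_type == "Any":
        findings.append("peer-id: Any disables the identity check of the remote router")
    elif id_type == "IP":
        try:
            addr = ipaddress.ip_address(content)
        except ValueError:
            findings.append("content: not a valid IP address")
        else:
            if str(addr) == "0.0.0.0":  # device falls back to Secure Gateway Address
                if cfg.get("nat_between_peers"):
                    findings.append("content: 0.0.0.0 not recommended behind NAT")
                if cfg.get("peer_must_distinguish_dynamic_ips"):
                    findings.append("content: 0.0.0.0 not recommended with dynamic WAN peers")
    elif id_type in ("DNS", "E-mail"):
        value = content.rstrip(" ")  # trailing spaces are truncated
        if not certs and (not value.isascii() or len(value) > 31):
            findings.append("content: at most 31 ASCII characters without certificates")
    elif id_type == "Subject Name":
        if not certs:
            findings.append("peer-id: Subject Name is only a choice with certificates")
        elif not content.isascii() or len(content) > 255:
            findings.append("content: subject name is at most 255 ASCII characters")
    else:
        findings.append("peer-id: unknown Peer ID Type")
    if cfg.get("xauth_enabled") and cfg.get("xauth_mode") == "Client":
        for field in ("xauth_user", "xauth_password"):
            value = cfg.get(field, "")
            if not (1 <= len(value) <= 31 and value.isascii() and " " not in value):
                findings.append(f"{field}: required, 1-31 ASCII characters, no spaces")
    return findings

# Constructed sample entries (not taken from any real device).
WEAK = {"peer_id_type": "IP", "content": "0.0.0.0", "nat_between_peers": True,
        "xauth_enabled": True, "xauth_mode": "Client",
        "xauth_user": "branch office", "xauth_password": "s3cret"}
OK = {"peer_id_type": "DNS", "content": "branch1.example.com  ",
      "xauth_enabled": True, "xauth_mode": "Client",
      "xauth_user": "branch1", "xauth_password": "s3cret"}

if __name__ == "__main__":
    for name, entry in (("WEAK", WEAK), ("OK", OK)):
        print(name, lint_gateway(entry))
```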
