Table of Contents
Advertisement
Chapter 16 VPN
• Set the IPSec SA lifetime. This field allows you to determine how long the IPSec
SA should stay up before it times out. The ZyXEL Device automatically
renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period
expires. The ZyXEL Device also automatically renegotiates the IPSec SA if both
IPSec routers have keep alive enabled, even if there is no traffic. If an IPSec SA
times out, then the IPSec router must renegotiate the SA the next time
someone attempts to send traffic.
16.6.6 Negotiation Mode
The phase 1 Negotiation Mode you select determines how the Security
Association (SA) will be established for each connection through IKE negotiations.
• Main Mode ensures the highest level of security when the communicating
parties are negotiating authentication (phase 1). It uses 6 messages in three
round trips: SA negotiation, Diffie-Hellman exchange and an exchange of
nonces (a nonce is a random number). This mode features identity protection
(your identity is not revealed in the negotiation).
16.6.7 Remote DNS Server
In cases where you want to use domain names to access Intranet servers on a
remote network that has a DNS server, you must identify that DNS server. You
cannot use DNS servers on the LAN or from the ISP since these DNS servers
cannot resolve domain names to private IP addresses on the remote network
The following figure depicts an example where three VPN tunnels are created from
ZyXEL Device A; one to branch office 2, one to branch office 3 and another to
headquarters. In order to access computers that use private domain names on the
headquarters (HQ) network, the ZyXEL Device at branch office 1 uses the Intranet
234
P-661HNU-Fx User's Guide
- Quick Links:
- Overview
- Home Networking
Hide quick links:
Advertisement
Table of Contents
