Table 99 SECURITY > VPN > VPN Rules (IKE) (continued)
LABEL
Local
Network
Remote
Network
Recycle Bin
18.3 IKE SA Setup
This section provides more details about IKE SAs.
18.3.1 IKE SA Proposal
The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm,
and Diffie-Hellman (DH) key group that the ZyWALL and remote IPSec router use in the IKE
SA. In main mode, this is done in steps 1 and 2, as illustrated below.
Figure 205 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal
ZyWALL 5/35/70 Series User's Guide
DESCRIPTION
This is the network behind the ZyWALL. A network policy specifies which devices
(behind the IPSec routers) can use the VPN tunnel.
This is the remote network behind the remote IPsec router.
Click this icon to display a screen in which you can associate a network policy to a
gateway policy or move it to the recycle bin.
Click this icon to display a screen in which you can change the settings of a
gateway or network policy.
Click this icon to delete a gateway or network policy. When you delete a gateway,
the ZyWALL automatically moves the associated network policy(ies) to the recycle
bin. When you delete a network policy, it is just deleted.
Click this icon to establish a VPN connection to a remote network.
Click this icon to drop a VPN connection to a remote network.
The recycle bin appears when you have any network policies that are not
associated to a gateway policy.
•
When you delete a gateway, the ZyWALL automatically moves the associated
network policy(ies) to the recycle bin.
•
You can also manually move a network policy that you do not need (but may
want to use again later) to the recycle bin. Click the network policy's move or
edit icon and set its Gateway Policy to Recycle Bin.
Chapter 18 IPSec VPN
355