What You Need To Know About Ipsec Vpn - ZyXEL Communications ZyWall USG 50-H Series User Manual

Unified security gateway

Chapter 19 IPSec VPN
• Use the VPN Concentrator screens (see Section 19.4 on page 326) to combine several IPSec VPN connections into a single secure network.
• Use the SA Monitor screen (see Section 19.5 on page 328) to display and manage the active IPSec SAs.

19.1.2 What You Need to Know About IPSec VPN

An IPSec VPN tunnel is usually established in two phases. Each phase establishes a security
association (SA), a contract indicating what security parameters the ZyWALL and the remote
IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between
the ZyWALL and remote IPSec router. The second phase uses the IKE SA to securely
establish an IPSec SA through which the ZyWALL and remote IPSec router can send data
between computers on the local network and remote network. This is illustrated in the
following figure.
Figure 236 VPN: IKE SA and IPSec SA
In this example, a computer in network A is exchanging data with a computer in network B.
Inside networks A and B, the data is transmitted the same way data is normally transmitted in
the networks. Between routers X and Y, the data is protected by tunneling, encryption,
authentication, and other security features of the IPSec SA. The IPSec SA is secure because
routers X and Y established the IKE SA first.
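
The dependency of the IPSec SA on the IKE SA can be shown with a simplified model of the two phases. This is an added example, not ZyXEL code and not a real IKE implementation. The toy Diffie-Hellman group, the pre-shared keys, the proposal string and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman parameters, chosen only to keep the example short
# (assumption); real IKE uses standardized groups.
P, G = 2**255 - 19, 2

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class Router:
    def __init__(self, psk: bytes):
        self.psk = psk
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.nonce = secrets.token_bytes(16)
        self.ike_key = None     # result of phase 1 (IKE SA)
        self.ipsec_key = None   # result of phase 2 (IPSec SA)

    def phase1(self, peer_pub: int, nonce_i: bytes, nonce_r: bytes) -> None:
        # Phase 1: key exchange plus pre-shared key gives both ends the IKE SA key.
        shared = pow(peer_pub, self.priv, P).to_bytes(32, "big")
        self.ike_key = prf(prf(self.psk, nonce_i + nonce_r), shared)

    def phase2_send(self, proposal: bytes):
        # Phase 2: the IPSec SA proposal is authenticated under the IKE SA.
        self.ipsec_key = prf(self.ike_key, b"ipsec-sa" + proposal)
        return proposal, prf(self.ike_key, b"auth" + proposal)

    def phase2_receive(self, proposal: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(tag, prf(self.ike_key, b"auth" + proposal)):
            return False        # not protected by our IKE SA: no IPSec SA
        self.ipsec_key = prf(self.ike_key, b"ipsec-sa" + proposal)
        return True

def negotiate(psk_x=b"constructed-psk", psk_y=b"constructed-psk", tamper=False):
    x, y = Router(psk_x), Router(psk_y)
    x.phase1(y.pub, x.nonce, y.nonce)
    y.phase1(x.pub, x.nonce, y.nonce)
    proposal, tag = x.phase2_send(b"esp;aes-128;sha1;net-A<->net-B")
    if tamper:                  # modification on the path between X and Y
        proposal = proposal.replace(b"aes-128", b"null")
    accepted = y.phase2_receive(proposal, tag)
    return accepted, accepted and x.ipsec_key == y.ipsec_key

if __name__ == "__main__":
    print(negotiate())                      # matching IKE SA
    print(negotiate(tamper=True))           # altered phase 2 proposal
    print(negotiate(psk_y=b"wrong-psk"))    # phase 1 produced different keys
```

Router Y accepts the phase 2 proposal only when it verifies under the key from phase 1, so a mismatched pre-shared key or a proposal altered in transit leaves no IPSec SA in place.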
