Before You Begin; The Vpn Connection Screen - ZyXEL Communications ZyWALL 1100 User Manual

20.1.3 Before You Begin

This section briefly explains the relationship between VPN tunnels and other features. It also gives
some basic suggestions for troubleshooting.
You should set up the following features before you set up the VPN tunnel.
• In any VPN connection, you have to select address objects to specify the local policy and remote
policy. You should set up the address objects first.
• In a VPN gateway, you can select an Ethernet interface, virtual Ethernet interface, VLAN
interface, or virtual VLAN interface to specify what address the ZyWALL/USG uses as its IP
address when it establishes the IKE SA. You should set up the interface first.
• In a VPN gateway, you can enable extended authentication. If the ZyWALL/USG is in server
mode, you should set up the authentication method (AAA server) first. The authentication
method specifies how the ZyWALL/USG authenticates the remote IPSec router.
• In a VPN gateway, the ZyWALL/USG and remote IPSec router can use certificates to authenticate
each other. Make sure the ZyWALL/USG and the remote IPSec router will trust each other's
certificates.

20.2 The VPN Connection Screen

Click Configuration > VPN > IPSec VPN to open the VPN Connection screen. The VPN
Connection screen lists the VPN connection policies and their associated VPN gateway(s), and
various settings. In addition, it also lets you activate or deactivate and connect or disconnect each
VPN connection (each IPSec SA). Click a column's heading cell to sort the table entries by that
column's criteria. Click the heading cell again to reverse the sort order.
Figure 233 Configuration > VPN > IPSec VPN > VPN Connection
Chapter 20 IPSec VPN
ZyWALL/USG Series User's Guide
350