Ike Phases; Figure 105 Two Phases To Set Up The Ipsec Sa; Table 66 Mismatching Id Type And Content Configuration Example - ZyXEL Communications ZyWALL 5 User Manual

ZyWALL 5 User's Guide
Table 65 Matching ID Type and Content Configuration Example
ZYWALL A
Peer ID type: IP
Peer ID content: 1.1.1.2
The two ZyWALLs in this example cannot complete their negotiation because ZyWALL B's
Local ID type is IP, but ZyWALL A's Peer ID type is set to E-mail. An ID mismatched
message displays in the IPSEC LOG.

Table 66 Mismatching ID Type and Content Configuration Example

ZYWALL A
Local ID type: IP
Local ID content: 1.1.1.10
Peer ID type: E-mail
Peer ID content: aa@yahoo.com

14.8 IKE Phases

There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1
(Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and
the second one uses that SA to negotiate SAs for IPSec.

Figure 105 Two Phases to Set Up the IPSec SA

In phase 1 you must:
• Choose a negotiation mode.
• Authenticate the connection by entering a pre-shared key.
• Choose an encryption algorithm.
224
ZYWALL B
Peer ID type: E-mail
Peer ID content: tom@yourcompany.com
ZYWALL B
Local ID type: IP
Local ID content: 1.1.1.10
Peer ID type: IP
Peer ID content: N/A
Chapter 14 VPN Screens