Chapter 4 Wizard Setup

4.8.7 VPN Advanced Wizard - Phase 2

Active Protocol: ESP is compatible with NAT, AH is not.

Encapsulation: Tunnel is compatible with NAT, Transport is not.

Proposal: 3DES and AES use encryption. The longer the AES key, the higher the security (this may affect throughput). Null uses no encryption.

Local Policy (IP/Mask): Type the IP address of a computer on your network. You can also specify a subnet. This must match the remote IP address configured on the peer IPSec device.

Incoming Interface: The peer IPSec device connects to the ZyWALL via this interface.

Remote Policy (IP/Mask): Type the IP address of a computer behind the peer IPSec device. You can also specify a subnet. This must match the local IP address configured on the peer IPSec device.

Nailed-Up: Select this to have the ZyWALL automatically renegotiate the IPSec SA when the SA life time expires.
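The compatibility and matching rules above can be checked before the settings are entered on both devices. The following is an added example, not ZyWALL code or a ZyWALL configuration format: the dictionary keys are hypothetical names modelled on the wizard labels, and the two sample sites are constructed.

```python
import ipaddress

def _net(policy):
    # Accepts a host ("192.168.1.33"), a prefix ("192.168.1.0/24")
    # or an IP/mask pair ("192.168.1.0/255.255.255.0").
    return ipaddress.ip_network(policy, strict=False)

def check_phase2(local, peer, behind_nat=False):
    """Return a list of findings for the phase 2 settings of two IPSec peers."""
    findings = []
    # Each side's local policy must equal the other side's remote policy.
    if _net(local["local_policy"]) != _net(peer["remote_policy"]):
        findings.append("local policy does not match peer's remote policy")
    if _net(local["remote_policy"]) != _net(peer["local_policy"]):
        findings.append("remote policy does not match peer's local policy")
    for name, cfg in (("local", local), ("peer", peer)):
        # ESP and Tunnel are compatible with NAT; AH and Transport are not.
        if behind_nat and cfg["active_protocol"] == "AH":
            findings.append(f"{name}: AH is not compatible with NAT")
        if behind_nat and cfg["encapsulation"] == "Transport":
            findings.append(f"{name}: Transport is not compatible with NAT")
        # A Null proposal means the tunnel carries traffic unencrypted.
        if "Null" in cfg["proposals"]:
            findings.append(f"{name}: Null proposal uses no encryption")
    return findings

# Constructed sample settings (hypothetical field names and addresses).
SITE_A = {
    "active_protocol": "ESP", "encapsulation": "Tunnel",
    "proposals": ["AES256"],
    "local_policy": "192.168.1.0/24",
    "remote_policy": "10.0.0.0/255.255.255.0",
}
SITE_B = {
    "active_protocol": "ESP", "encapsulation": "Tunnel",
    "proposals": ["AES256"],
    "local_policy": "10.0.0.5/24",          # host bits are ignored
    "remote_policy": "192.168.1.0/255.255.255.0",
}

if __name__ == "__main__":
    for finding in check_phase2(SITE_A, SITE_B, behind_nat=True) or ["no findings"]:
        print(finding)
```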

This read-only screen shows the status of the current VPN setting. Use the summary table to check whether what you have configured is correct.

Figure 42 VPN Advanced Wizard: Step 5

The following table describes the labels in this screen.

Table 21 VPN Advanced Wizard: Step 5

LABEL: DESCRIPTION

Summary

Name: This is the name of the VPN connection (and VPN gateway).

Secure Gateway: This is the WAN IP address or domain name of the remote IPSec router. If this field displays 0.0.0.0, only the remote IPSec router can initiate the VPN connection.

Pre-Shared Key: This is a pre-shared key identifying a communicating party during a phase 1 IKE negotiation.

Local Policy: This is a (static) IP address and Subnet Mask on the LAN behind your ZyWALL.


ZyWALL USG 100/200 Series User’s Guide