Table of Contents

Chapter 14  IPSec VPN ... 253
  14.1 IPSec VPN Overview ... 253
    14.1.1 IKE SA Overview ... 254
  14.2 VPN Rules (IKE) ... 255
  14.3 IKE SA Setup ... 257
    14.3.1 IKE SA Proposal ... 257
  14.4 Additional IPSec VPN Topics ... 261
    14.4.1 SA Life Time ... 262
    14.4.2 IPSec High Availability ... 262
    14.4.3 Encryption and Authentication Algorithms ... 263
  14.5 VPN Rules (IKE) Gateway Policy Edit ... 264
  14.6 IPSec SA Overview ... 270
    14.6.1 Local Network and Remote Network ... 270
    14.6.2 Virtual Address Mapping ... 271
    14.6.3 Active Protocol ... 272
    14.6.4 Encapsulation ... 272
    14.6.5 IPSec SA Proposal and Perfect Forward Secrecy ... 273
  14.7 VPN Rules (IKE) Network Policy Edit ... 273
  14.8 Network Policy Port Forwarding ... 278
  14.9 Network Policy Move ... 280
  14.10 IPSec SA Using Manual Keys ... 281
    14.10.1 IPSec SA Proposal Using Manual Keys ... 281
    14.10.2 Authentication and the Security Parameter Index (SPI) ... 281
  14.11 VPN Rules (Manual) ... 281
  14.12 VPN Rules (Manual) Edit ... 283
  14.13 VPN SA Monitor ... 285
  14.14 VPN Global Setting ... 286
    14.14.1 Local and Remote IP Address Conflict Resolution ... 286
  14.15 Telecommuter VPN/IPSec Examples ... 289
    14.15.1 Telecommuters Sharing One VPN Rule Example ... 289
    14.15.2 Telecommuters Using Unique VPN Rules Example ... 290
  14.16 VPN and Remote Management ... 291
  14.17 Hub-and-spoke VPN ... 292
    14.17.1 Hub-and-spoke VPN Example ... 293
    14.17.2 Hub-and-spoke Example VPN Rule Addresses ... 293
    14.17.3 Hub-and-spoke VPN Requirements and Suggestions ... 294

Chapter 15  Certificates ... 295
  15.1 Certificates Overview ... 295
    15.1.1 Advantages of Certificates ... 296
  15.2 Self-signed Certificates ... 296


ZyWALL 2 Plus User’s Guide