ZyWALL 2WG Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
DNS, E-mail, Subject Name and Any.
Depending on how the certificates are generated, there are three methods:
1) Using Self-signed Certificates (both entities must be ZyXEL IPSec gateway)
2) Online Enroll Certificates
3) Offline Enroll Certificates
This example shows how to use the PKI feature in the VPN function of a ZyXEL appliance. With PKI,
users can identify the other party during VPN/IPSec negotiation.
Using Self-signed Certificates
For customers who have no CA service in their environment but would like to use the PKI feature,
ZyWALL provides self-signed certificates. As the name indicates, a self-signed certificate
is a certificate signed by the device (ZyWALL) itself.
ZyWALL can sign a certificate for itself, a so-called self-signed certificate, which can be imported into
another ZyWALL for authentication. This feature allows users to use certificates without a CA. The
certificate must be exchanged and imported into Trusted Remote Hosts before making a VPN connection.
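With no CA vouching for a self-signed certificate, the file received from the peer should be checked before it is imported into Trusted Remote Hosts. The script below is an added example, not part of the ZyXEL notes: it assumes the OpenSSL command-line tool on the administrator's workstation, a certificate exported as PEM or DER, and a SHA-256 fingerprint obtained from the peer's administrator over a separate channel. The function names are illustrative.

```shell
# Added example: pre-import checks for a peer's exported self-signed certificate.

# Emit the certificate as PEM; the export format is assumed to be PEM or DER.
cert_to_pem() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# Lowercase hex with colons and spaces removed, so fingerprints compare equal.
norm_fp() { printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'; }

# SHA-256 fingerprint of the certificate in normalised form (empty on error).
cert_fingerprint() {
    norm_fp "$(cert_to_pem "$1" | openssl x509 -noout -fingerprint -sha256 2>/dev/null | sed 's/^.*=//')"
}

# True only if issuer equals subject and the signature verifies under the
# certificate's own key (an expired certificate also fails this check).
is_self_signed() {
    pem=$(cert_to_pem "$1") || return 1
    subj=$(printf '%s\n' "$pem" | openssl x509 -noout -subject -nameopt RFC2253)
    issu=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer -nameopt RFC2253)
    [ "${subj#subject=}" = "${issu#issuer=}" ] || return 1
    tmp=$(mktemp) || return 1
    printf '%s\n' "$pem" > "$tmp"
    if openssl verify -CAfile "$tmp" "$tmp" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Accept only a self-signed certificate whose fingerprint matches the value
# obtained from the peer's administrator over a separate channel.
ok_to_import() {
    is_self_signed "$1" || { echo "reject: not a valid self-signed certificate" >&2; return 1; }
    actual=$(cert_fingerprint "$1")
    if [ -n "$actual" ] && [ "$actual" = "$(norm_fp "$2")" ]; then
        echo "ok: sha256 $actual"
    else
        echo "reject: fingerprint mismatch" >&2; return 1
    fi
}

# Demo on a constructed certificate standing in for the peer's export.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-peer" \
    -keyout "$demo/key.pem" -out "$demo/peer.pem" 2>/dev/null
ok_to_import "$demo/peer.pem" "$(cert_fingerprint "$demo/peer.pem")"  # stand-in for the out-of-band value
ok_to_import "$demo/peer.pem" "00:11:22" || true                       # constructed wrong value
rm -rf "$demo"
```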