Chapter 17 IPSec VPN

which the ZyWALL and remote IPSec router can send data between computers on the local network and remote network. This is illustrated in the following figure.

Figure 20 VPN: IKE SA and IPSec SA

In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks. Between routers X and Y, the data is protected by tunneling, encryption, authentication, and other security features of the IPSec SA. The IPSec SA is secure because routers X and Y established the IKE SA first.

17.2 IPSec VPN Commands Summary

The following table describes the values required for many IPSec VPN commands. Other values are discussed with the corresponding commands.

Table 70 Input Values for IPSec VPN Commands

| LABEL | DESCRIPTION |
| --- | --- |
| profile_name | The name of a VPN concentrator. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. |
| policy_name | The name of an IKE SA. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. |
| map_name | The name of an IPSec SA. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. |
| domain_name | Fully-qualified domain name. You may use up to 254 alphanumeric characters, dashes (-), or periods (.), but the first character cannot be a period. |
| e_mail | An e-mail address. You can use up to 63 alphanumeric characters, underscores (_), dashes (-), or @ characters. |
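The following is an added example, not part of the original guide: a Python pre-check that applies the Table 70 rules for the name and domain_name rows to values before they are templated into CLI scripts. The names check_value, find_case_collisions and RULES are hypothetical, and a minimum length of one character for domain_name is an assumption.

```python
import re

# Rules transcribed from Table 70. ASCII-only character classes are used so
# that Unicode letters or digits are rejected rather than silently accepted.
# Names: 1-31 characters, first character must not be a digit.
NAME_RE = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,30}")
# Domain names: up to 254 characters, first character must not be a period.
# (Minimum length of 1 is an assumption; the table gives only the maximum.)
DOMAIN_RE = re.compile(r"[A-Za-z0-9-][A-Za-z0-9.-]{0,253}")

RULES = {
    "profile_name": NAME_RE,   # VPN concentrator
    "policy_name": NAME_RE,    # IKE SA
    "map_name": NAME_RE,       # IPSec SA
    "domain_name": DOMAIN_RE,
}


def check_value(label, value):
    """Return True if value satisfies the Table 70 rule for label."""
    rule = RULES.get(label)
    if rule is None:
        raise KeyError(f"no Table 70 rule for label {label!r}")
    # fullmatch() is deliberate: match() with a trailing '$' would accept
    # "name\n", and a newline inside a templated value would begin a new
    # line in the generated CLI script.
    return isinstance(value, str) and rule.fullmatch(value) is not None


def find_case_collisions(names):
    """Return groups of names that differ only by letter case.

    The names in Table 70 are case-sensitive, so such names are distinct
    objects on the device; an inventory or audit tool that lowercases
    them would merge separate VPN objects into one.
    """
    groups = {}
    for name in names:
        groups.setdefault(name.lower(), []).append(name)
    return [g for g in groups.values() if len(set(g)) > 1]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    for label, value in [("policy_name", "HQ-to-Branch_1"),
                         ("policy_name", "1st_tunnel"),
                         ("domain_name", ".example.com")]:
        print(label, repr(value), check_value(label, value))
    print(find_case_collisions(["Branch_VPN", "branch_vpn", "HQ"]))
```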

 

 


ZyWALL (ZLD) CLI Reference Guide