ZyXEL Communications 35 Series, 70 Series 19.8 IKE Phases, E-mail, Peer ID type, Local ID type

ZyWALL 5/35/70 Series User’s Guide

Table 97 Matching ID Type and Content Configuration Example

ZYWALL A	ZYWALL B

Peer ID type: IP	Peer ID type: E-mail

Peer ID content: 1.1.1.2	Peer ID content: tom@yourcompany.com

The two ZyWALLs in this example cannot complete their negotiation because ZyWALL B’s Local ID type is IP, but ZyWALL A’s Peer ID type is set to E-mail. An ID mismatched message displays in the IPSec log.

Table 98 Mismatching ID Type and Content Configuration Example

ZYWALL A	ZYWALL B

Local ID type: IP	Local ID type: IP

Local ID content: 1.1.1.10	Local ID content: 1.1.1.10

Peer ID type: E-mail	Peer ID type: IP

Peer ID content: aa@yahoo.com	Peer ID content: N/A

19.8 IKE Phases

There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.

Figure 147 Two Phases to Set Up the IPSec SA

In phase 1 you must:

•Choose a negotiation mode.

•Authenticate the connection by entering a pre-shared key.

•Choose an encryption algorithm.

313	Chapter 19 VPN Screens