Chapter 23 IPSec VPN

See Section 23.4 on page 399 for IPSec VPN background information.

See Section 5.4 on page 76 for the IPSec VPN quick setup wizard.

See Section 7.4 on page 118 for an example of configuring IPSec VPN.

23.1.3 Before You Begin

This section briefly explains the relationship between VPN tunnels and other features. It also gives some basic suggestions for troubleshooting.

You should set up the following features before you set up the VPN tunnel.

In any VPN connection, you have to select address objects to specify the local policy and remote policy. You should set up the address objects first.

In a VPN gateway, you can select an Ethernet interface, virtual Ethernet interface, VLAN interface, or virtual VLAN interface to specify what address the ZyWALL uses as its IP address when it establishes the IKE SA. You should set up the interface first. See Chapter 11 on page 215.

In a VPN gateway, you can enable extended authentication. If the ZyWALL is in server mode, you should set up the authentication method (AAA server) first. The authentication method specifies how the ZyWALL authenticates the remote IPSec router. See Chapter 39 on page 617.

In a VPN gateway, the ZyWALL and remote IPSec router can use certificates to authenticate each other. Make sure the ZyWALL and the remote IPSec router will trust each other’s certificates. See Chapter 41 on page 633.

23.2 The VPN Connection Screen

Click Configuration > VPN > IPSec VPN to open the VPN Connection screen. The VPN Connection screen lists the VPN connection policies, their associated VPN gateway(s), and various settings. It also lets you activate / deactivate and connect / disconnect each VPN connection (each IPSec

378

 

ZyWALL USG 50 User’s Guide