Chapter 23 IPSec VPN

Table 116 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued)

LABEL / DESCRIPTION

Certificate

Select this to have the ZyWALL and remote IPSec router use certificates to authenticate each other when they negotiate the IKE SA. Then select the certificate the ZyWALL uses to identify itself to the remote IPSec router.

This certificate is one of the certificates in My Certificates. If this certificate is self-signed, import it into the remote IPSec router. If this certificate is signed by a CA, the remote IPSec router must trust that CA.

Note: The IPSec routers must trust each other's certificates.

The ZyWALL uses one of its Trusted Certificates to authenticate the remote IPSec router's certificate. The trusted certificate can be a self-signed certificate or that of a trusted CA that signed the remote IPSec router's certificate.

Local ID Type

This field is read-only if the ZyWALL and remote IPSec router use certificates to identify each other. Select which type of identification is used to identify the ZyWALL during authentication. Choices are:

IP - the ZyWALL is identified by an IP address

DNS - the ZyWALL is identified by a domain name

E-mail - the ZyWALL is identified by an e-mail address

Content

This field is read-only if the ZyWALL and remote IPSec router use certificates to identify each other. Type the identity of the ZyWALL during authentication. The identity depends on the Local ID Type.

IP - type an IP address; if you type 0.0.0.0, the ZyWALL uses the IP address specified in the My Address field. This is not recommended in the following situations:

• There is a NAT router between the ZyWALL and remote IPSec router.

• You want the remote IPSec router to be able to distinguish between IPSec SA requests that come from IPSec routers with dynamic WAN IP addresses.

In these situations, use a different IP address, or use a different Local ID Type.

DNS - type the domain name; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.

E-mail - the ZyWALL is identified by an e-mail address; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.
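The following Python is an added example, not code from the ZyWALL User's Guide or from ZyXEL. It encodes the Local ID Type and Content rules of this table so that a proposed gateway configuration can be checked before it is applied: the 0.0.0.0 fallback to My Address, the two situations the guide marks as not recommended for that fallback, and the 31-ASCII-character limit with trailing-space truncation for DNS and E-mail identities. The parameter names (local_id_type, content, my_address, nat_between_peers, dynamic_wan_ip) are this example's own and are not ZyWALL CLI or web-GUI identifiers.

```python
"""Check a ZyWALL-style Local ID Type / Content pair against the rules in
Table 116 and report the identity the gateway would present during IKE.

Added example; parameter names are assumptions, not ZyWALL identifiers.
"""
import ipaddress
from dataclasses import dataclass, field

MAX_ID_CHARS = 31  # DNS and E-mail identities: up to 31 ASCII characters


@dataclass
class LocalIdResult:
    id_type: str
    identity: str                       # value presented during authentication
    warnings: list = field(default_factory=list)


def normalise_string_id(value: str) -> str:
    """DNS / E-mail content: ASCII only, trailing spaces truncated, <= 31 chars."""
    if not value.isascii():
        raise ValueError("identity must contain only ASCII characters")
    value = value.rstrip(" ")           # trailing spaces are truncated
    if not value:
        raise ValueError("identity is empty after trailing spaces are removed")
    if len(value) > MAX_ID_CHARS:
        raise ValueError(f"identity longer than {MAX_ID_CHARS} characters")
    return value


def resolve_local_id(local_id_type: str, content: str, my_address: str,
                     nat_between_peers: bool = False,
                     dynamic_wan_ip: bool = False) -> LocalIdResult:
    """Return the identity the ZyWALL would use, plus any configuration warnings.

    nat_between_peers: a NAT router sits between the ZyWALL and the remote peer.
    dynamic_wan_ip:    this ZyWALL's WAN address changes, and the remote peer
                       needs to tell such gateways apart.
    """
    if local_id_type == "IP":
        addr = ipaddress.ip_address(content)   # ValueError if not an IP address
        warnings = []
        if addr == ipaddress.ip_address("0.0.0.0"):
            # 0.0.0.0 means "identify with the My Address field"
            identity = str(ipaddress.ip_address(my_address))
            if nat_between_peers:
                warnings.append("0.0.0.0 with a NAT router in the path: the remote "
                                "peer sees a different source address than the ID; "
                                "use a fixed IP or another Local ID Type")
            if dynamic_wan_ip:
                warnings.append("0.0.0.0 with a dynamic WAN IP: the remote peer "
                                "cannot distinguish this gateway from other dynamic "
                                "peers; use a fixed IP or another Local ID Type")
        else:
            identity = str(addr)
        return LocalIdResult("IP", identity, warnings)

    if local_id_type in ("DNS", "E-mail"):
        # Only used for identification; any ASCII string within the limit is valid
        return LocalIdResult(local_id_type, normalise_string_id(content))

    raise ValueError(f"unknown Local ID Type: {local_id_type!r}")


if __name__ == "__main__":
    # Constructed sample configurations (documentation-range addresses)
    for args in [("IP", "0.0.0.0", "203.0.113.10", True, False),
                 ("DNS", "vpn.example.com   ", "203.0.113.10", False, False),
                 ("E-mail", "admin@example.com", "203.0.113.10", False, True)]:
        r = resolve_local_id(*args)
        print(r.id_type, repr(r.identity), r.warnings)
```

Run it directly to see the resolved identity and warnings for the three constructed configurations; in practice you would feed it the values you intend to type into the Local ID Type and Content fields before committing the VPN gateway.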

394 ZyWALL USG 50 User's Guide