Chapter 23 IPSec VPN

Table 116 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued)

LABEL / DESCRIPTION

Content

This field is disabled if the Peer ID Type is Any. Type the identity of the remote IPSec router during authentication. The identity depends on the Peer ID Type.

If the ZyWALL and remote IPSec router do not use certificates:

IP - type an IP address; see the note at the end of this description.

DNS - type the domain name; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.

E-mail - the ZyWALL is identified by an e-mail address; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.

If the ZyWALL and remote IPSec router use certificates, type the following fields from the certificate used by the remote IPSec router.

IP - subject alternative name field; see the note at the end of this description.

DNS - subject alternative name field

E-mail - subject alternative name field

Subject Name - subject name (maximum 255 ASCII characters, including spaces)

Note: If Peer ID Type is IP, please read the rest of this section.

If you type 0.0.0.0, the ZyWALL uses the IP address specified in the Secure Gateway Address field. This is not recommended in the following situations:

• There is a NAT router between the ZyWALL and remote IPSec router.

• You want the remote IPSec router to be able to distinguish between IPSec SA requests that come from IPSec routers with dynamic WAN IP addresses.

In these situations, use a different IP address, or use a different Peer ID Type.

Phase 1 Settings

SA Life Time (Seconds)

Type the maximum number of seconds the IKE SA can last. When this time has passed, the ZyWALL and remote IPSec router have to update the encryption and authentication keys and re-negotiate the IKE SA. This does not affect any existing IPSec SAs, however.
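
The Content rules above can be checked before a gateway entry is saved. The following is an added example, not ZyWALL code: the function and parameter names are hypothetical, the addresses are constructed, and it assumes the 31-character limit is applied after trailing spaces are dropped and that Subject Name is valid only with certificates (the table lists it only there).

```python
import ipaddress

MAX_ID_LEN = 31        # DNS / E-mail limit from the table (no certificates)
MAX_SUBJECT_LEN = 255  # Subject Name limit from the table (certificates)

def check_peer_id(id_type, content, secure_gateway, use_certs=False,
                  behind_nat=False, dynamic_peers=False):
    """Return (effective_id, findings) for one VPN gateway entry.

    All names here are hypothetical; they mirror the fields in the table.
    """
    findings = []
    if id_type == "Any":
        return None, findings              # Content field is disabled
    if id_type == "IP":
        try:
            addr = ipaddress.IPv4Address(content)
        except ValueError:
            return content, ["Content is not a valid IPv4 address"]
        if int(addr) != 0:
            return str(addr), findings
        # 0.0.0.0 means "use the Secure Gateway Address field"
        if behind_nat:
            findings.append("0.0.0.0 with a NAT router in the path: "
                            "use a different IP address or Peer ID Type")
        if dynamic_peers:
            findings.append("0.0.0.0 while SA requests from dynamic-WAN-IP "
                            "routers must be told apart")
        return secure_gateway, findings
    if id_type == "Subject Name":
        if not use_certs:
            findings.append("Subject Name requires certificates")
        limit, value = MAX_SUBJECT_LEN, content
    elif id_type in ("DNS", "E-mail"):
        # Trailing spaces are truncated. Assumption: the limit applies after that.
        value = content.rstrip(" ")
        limit = None if use_certs else MAX_ID_LEN  # no SAN limit is stated
    else:
        return content, [f"unknown Peer ID Type {id_type!r}"]
    if not value.isascii():
        findings.append("Content must be ASCII")
    if limit is not None and len(value) > limit:
        findings.append(f"Content exceeds {limit} characters")
    return value, findings

if __name__ == "__main__":
    # Constructed sample: 0.0.0.0 behind NAT resolves to the gateway address.
    print(check_peer_id("IP", "0.0.0.0", "203.0.113.10", behind_nat=True))
```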

 

 


 

ZyWALL USG 50 User’s Guide