Chapter 25 IPSec VPN

Table 121 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued)

LABEL

DESCRIPTION

Pre-Shared Key

Select this to have the ZyWALL and remote IPSec router use a pre-shared key (password) to identify each other when they negotiate the IKE SA. Type the pre-shared key in the field to the right. The pre-shared key can be:

• 8 - 32 alphanumeric characters or ,;`~!@#$%^&*()_+\{}':./<>=-".
• 8 - 32 pairs of hexadecimal (0-9, A-F) characters, preceded by “0x”.

If you want to enter the key in hexadecimal, type “0x” at the beginning of the key. For example, “0x0123456789ABCDEF” is in hexadecimal format; “0123456789ABCDEF” is in ASCII format. If you use hexadecimal, you must enter twice as many characters since you need to enter pairs.

The ZyWALL and remote IPSec router must use the same pre-shared key.

Certificate

Select this to have the ZyWALL and remote IPSec router use certificates to authenticate each other when they negotiate the IKE SA. Then select the certificate the ZyWALL uses to identify itself to the remote IPSec router.

This certificate is one of the certificates in My Certificates. If this certificate is self-signed, import it into the remote IPSec router. If this certificate is signed by a CA, the remote IPSec router must trust that CA.

Note: The IPSec routers must trust each other’s certificates.

The ZyWALL uses one of its Trusted Certificates to authenticate the remote IPSec router’s certificate. The trusted certificate can be a self-signed certificate or that of a trusted CA that signed the remote IPSec router’s certificate.

Local ID Type

This field is read-only if the ZyWALL and remote IPSec router use certificates to identify each other. Select which type of identification is used to identify the ZyWALL during authentication. Choices are:

IP - the ZyWALL is identified by an IP address

DNS - the ZyWALL is identified by a domain name

E-mail - the ZyWALL is identified by an e-mail address
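
The Pre-Shared Key format rules in the table above, as an added example (not code from this guide or from the ZyWALL firmware): a validator that classifies a typed key as ASCII or hexadecimal and checks whether two gateways would end up with the same key bytes. The names `parse_psk` and `same_key` are hypothetical, and the code assumes each ASCII character is one key byte, each hex pair is one key byte, and lowercase a-f is accepted.

```python
import hmac
import re

# Symbols the table lists as allowed in an ASCII key, besides letters and digits.
ASCII_SYMBOLS = ",;`~!@#$%^&*()_+\\{}':./<>=-\""
ASCII_KEY = re.compile(r"[A-Za-z0-9" + re.escape(ASCII_SYMBOLS) + r"]{8,32}")
# "0x" followed by 8 - 32 pairs of hex digits (lowercase a-f is an assumption).
HEX_KEY = re.compile(r"0x((?:[0-9A-Fa-f]{2}){8,32})")


def parse_psk(text):
    """Return (format, key_bytes) for a pre-shared key as typed in the field."""
    # Per the table, a leading "0x" selects hexadecimal format.
    if text.startswith("0x"):
        match = HEX_KEY.fullmatch(text)
        if match is None:
            raise ValueError("hex key needs 8 - 32 pairs of 0-9/A-F after 0x")
        return "hex", bytes.fromhex(match.group(1))
    if ASCII_KEY.fullmatch(text) is None:
        raise ValueError("ASCII key needs 8 - 32 allowed characters")
    # Assumption: one ASCII character becomes one key byte.
    return "ascii", text.encode("ascii")


def same_key(local_text, remote_text):
    """True when both entries decode to identical key bytes."""
    local = parse_psk(local_text)[1]
    remote = parse_psk(remote_text)[1]
    return hmac.compare_digest(local, remote)


if __name__ == "__main__":
    # Constructed sample entries; the first two are the table's own examples.
    for entry in ("0x0123456789ABCDEF", "0123456789ABCDEF", "0x1234"):
        try:
            fmt, key = parse_psk(entry)
            print(f"{entry!r}: {fmt}, {len(key)} key bytes")
        except ValueError as err:
            print(f"{entry!r}: rejected ({err})")
    # Same digits, different formats: the two ends would not share a key.
    print(same_key("0x0123456789ABCDEF", "0123456789ABCDEF"))
```

The table's two sample strings differ only by the prefix, yet the first decodes to 8 key bytes and the second to 16, so entering one form on the ZyWALL and the other on the remote router leaves the two ends with different keys.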

 

 


ZyWALL USG 2000 User’s Guide