ZyXEL Communications USG 2000 manual 460

DESCRIPTION

Select this to have the ZyWALL and remote IPSec router use a pre-

shared key (password) to identify each other when they negotiate

the IKE SA. Type the pre-shared key in the field to the right. The pre-

shared key can be

• 8 - 32 alphanumeric characters or ,;`~!@#$%^&*()_+\{}':./

<>=-".

• 8 - 32 pairs of hexadecimal (0-9, A-F) characters, preceded by

“0x”.

If you want to enter the key in hexadecimal, type “0x” at the

beginning of the key. For example, "0x0123456789ABCDEF" is in

hexadecimal format; in “0123456789ABCDEF” is in ASCII format. If

you use hexadecimal, you must enter twice as many characters since

you need to enter pairs.

The ZyWALL and remote IPSec router must use the same pre-shared

key.

Select this to have the ZyWALL and remote IPSec router use

certificates to authenticate each other when they negotiate the IKE

SA. Then select the certificate the ZyWALL uses to identify itself to

the remote IPsec router.

This certificate is one of the certificates in My Certificates. If this

certificate is self-signed, import it into the remote IPsec router. If

this certificate is signed by a CA, the remote IPsec router must trust

that CA.

Note: The IPSec routers must trust each other’s certificates.

The ZyWALL uses one of its Trusted Certificates to authenticate

the remote IPSec router’s certificate. The trusted certificate can be a

self-signed certificate or that of a trusted CA that signed the remote

IPSec router’s certificate.

This field is read-only if the ZyWALL and remote IPSec router use

certificates to identify each other. Select which type of identification

is used to identify the ZyWALL during authentication. Choices are:

IP - the ZyWALL is identified by an IP address

DNS - the ZyWALL is identified by a domain name

E-mail- the ZyWALL is identified by an e-mail address