Chapter 21 IPSec
Table 87 Settings > Add/Edit: Auto(IKE)
LABEL | DESCRIPTION |
Authentication | Select |
Method | |
| negotiation. It is called |
| another party before you can communicate with them over a secure |
| connection. |
| Select Certificates (X.509) to use a certificate for authentication. |
|
|
This field is available only when you select | |
| Authentication Method field. |
| Type up to 15 alphanumeric characters for the |
| ends of the VPN tunnel must use the same |
| receive a “PYLD_MALFORMED” (payload malformed) packet if the same |
| |
|
|
Local/Remote ID | Select IP to identify this ZyXEL Device by its IP address. |
Type | Select DNS to identify this ZyXEL Device by a domain name. |
| |
| Select |
| Select ASN1DN (Abstract Syntax Notation one - Distinguished Name) |
| to identify the remote IPSec router by the subject field in a certificate. |
| This is used only with |
|
|
Local/Remote ID | When you select IP in the Local/Remote ID Type field, type the IP |
Content | address of your computer in the Local/Remote ID Content field. |
| When you select DNS or |
| type a domain name or |
| Device in the Local/Remote ID Content field. Use up to 31 ASCII |
| characters including spaces, although trailing spaces are truncated. |
| The domain name or |
| and can be any string. |
|
|
Advanced IKE | Click Show Advanced Settings to display and configure more |
Settings | detailed settings of your IKE key management. Otherwise, click Hide |
| Advanced Settings. |
|
|
NAT_Traversal | Select Enable if you want to set up a VPN tunnel when there are NAT |
| routers between the ZyXEL Device and remote IPSec router. The |
| remote IPSec router must also enable NAT traversal, and the NAT |
| routers have to forward UDP port 500 packets to the remote IPSec |
| router behind the NAT router. Otherwise, select Disable. |
|
|
Phase 1/Phase 2 |
|
|
|
Mode | Select Main or Aggressive from the |
| connecting through a secure gateway must have the same negotiation |
| mode. |
|
|
256 |
| |
| ||
|
|
|