Chapter 21 IPSec

 

Table 91 Local ID Type and Content Fields

 

LOCAL ID

CONTENT=

 

TYPE=

 

 

 

E-mail

Type an e-mail address (up to 31 characters) by which to identify this

 

 

ZyXEL Device.

 

 

 

 

 

The domain name or e-mail address that you use in the Local ID

 

 

Content field is used for identification purposes only and does not need

 

 

to be a real domain name or e-mail address.

 

 

 

21.4.7.1 ID Type and Content Examples

Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel.

The two ZyXEL Devices in this example can complete negotiation and establish a VPN tunnel.

Table 92 Matching ID Type and Content Configuration Example

ZYXEL DEVICE A

ZYXEL DEVICE B

Local ID type: E-mail

Local ID type: IP

 

 

Local ID content: tom@yourcompany.com

Local ID content: 1.1.1.2

 

 

Remote ID type: IP

Remote ID type: E-mail

 

 

Remote ID content: 1.1.1.2

Remote ID content: tom@yourcompany.com

 

 

The two ZyXEL Devices in this example cannot complete their negotiation because ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Remote ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.

Table 93 Mismatching ID Type and Content Configuration Example

ZYXEL DEVICE A

ZYXEL DEVICE B

Local ID type: IP

Local ID type: IP

 

 

Local ID content: 1.1.1.10

Local ID content: 1.1.1.2

 

 

Remote ID type: E-mail

Remote ID type: IP

 

 

Remote ID content: aa@yahoo.com

Remote ID content: 1.1.1.0

 

 

21.4.8 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 21.4.3 on page 263 for more on IKE phases). It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection.

 

267

VSG1435-B101 Series User’s Guide