ZyWALL 5/35/70 Series User’s Guide

19.7 ID Type and Content
19.7.1 ID Type and Content Examples
19.8 IKE Phases
19.8.1 Negotiation Mode
19.8.2 Pre-Shared Key
19.8.3 Diffie-Hellman (DH) Key Groups
19.8.4 Perfect Forward Secrecy (PFS)
19.9 X-Auth (Extended Authentication)
19.9.1 Authentication Server
19.15.1 Security Parameter Index (SPI)
19.18 Telecommuter VPN/IPSec Examples
19.18.1 Telecommuters Sharing One VPN Rule Example
19.18.2 Telecommuters Using Unique VPN Rules Example
19.19 VPN and Remote Management

Chapter 20 Certificates

20.1 Certificates Overview
20.1.1 Advantages of Certificates
20.2 Self-signed Certificates
20.3 Configuration Summary
20.5.1 Certificate File Formats
20.12 Verifying a Trusted Remote Host’s Certificate
20.12.1 Trusted Remote Host Certificate Fingerprints

Chapter 21 Authentication Server

21.1 Authentication Server Overview
21.1.1 Local User Database
21.1.2 RADIUS

Chapter 22 Network Address Translation (NAT)

22.1 NAT Overview
22.1.1 NAT Definitions
22.1.2 What NAT Does
22.1.3 How NAT Works
22.1.4 NAT Application
22.1.5 Port Restricted Cone NAT
22.1.6 NAT Mapping Types
22.2 Using NAT
22.2.1 SUA (Single User Account) Versus NAT
22.5 Port Forwarding

Table of Contents