ZyWALL 5/35/70 Series User’s Guide
Table 97 Matching ID Type and Content Configuration Example
ZYWALL A | ZYWALL B |
|
|
Peer ID type: IP | Peer ID type: |
|
|
Peer ID content: 1.1.1.2 | Peer ID content: tom@yourcompany.com |
|
|
The two ZyWALLs in this example cannot complete their negotiation because ZyWALL B’s Local ID type is IP, but ZyWALL A’s Peer ID type is set to
Table 98 Mismatching ID Type and Content Configuration Example
ZYWALL A | ZYWALL B |
|
|
Local ID type: IP | Local ID type: IP |
|
|
Local ID content: 1.1.1.10 | Local ID content: 1.1.1.10 |
|
|
Peer ID type: | Peer ID type: IP |
|
|
Peer ID content: aa@yahoo.com | Peer ID content: N/A |
|
|
19.8 IKE Phases
There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.
Figure 147 Two Phases to Set Up the IPSec SA
In phase 1 you must:
•Choose a negotiation mode.
•Authenticate the connection by entering a
•Choose an encryption algorithm.
309 | Chapter 19 VPN Screens |