Chapter 20 IPSec VPN
Table 96 VPN > IPSec VPN > VPN Gateway > Edit (continued)
LABEL | DESCRIPTION
Secure Gateway Address | Type the IP address or the domain name of the remote IPSec router. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic IP address. You can provide a second IP address or domain name. In this case, if the ZyWALL cannot establish an IKE SA with the first one, it tries to establish an IKE SA with the second one.
Authentication Method | Note: The ZyWALL and remote IPSec router must use the same authentication method to establish the IKE SA.
Key | Select this if the ZyWALL and remote IPSec router do not use certificates to identify each other when they negotiate the IKE SA. Then, type the key in the field to the right. The
 | • 8 - 32 alphanumeric characters
 | • 16 - 64 hexadecimal
 | If you want to enter the key in hexadecimal, type “0x” at the beginning of the key. For example, “0x0123456789ABCDEF” is in hexadecimal format; “0123456789ABCDEF” is in ASCII format. If you use hexadecimal, you must enter twice as many characters as listed above.
 | The ZyWALL and remote IPSec router must use the same
Certificate | Select this if the ZyWALL and remote IPSec router use certificates to identify each other when they negotiate the IKE SA. Then, select the certificate the remote IPSec router uses to identify the ZyWALL. This certificate is one of the certificates in My Certificates.
 | Note: The ZyWALL must import the remote IPSec router’s certificate before it can establish the IKE SA.
 | The ZyWALL uses one of its Trusted Certificates to authenticate the remote IPSec router. The trusted certificate can be a
 | trusted CA that signed the remote IPSec router’s certificate.
Local ID Type | This field is
 | identify each other. Select which type of identification is used to identify the ZyWALL during authentication. Choices are:
 | IP - the ZyWALL is identified by an IP address
 | DNS - the ZyWALL is identified by a domain name
Content | This field is
 | identify each other. Type the identity of the ZyWALL during authentication. The identity depends on the Local ID Type.
 | IP - type an IP address; if you type 0.0.0.0, the ZyWALL uses the IP address specified in the My Address field. This is not recommended in the following situations:
 | • There is a NAT router between the ZyWALL and remote IPSec router.
 | • You want the remote IPSec router to be able to distinguish between IPSec SA requests that come from IPSec routers with dynamic WAN IP addresses.
 | In these situations, use a different IP address, or use a different Local ID Type.
 | DNS - type the domain name; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.
 | ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string.
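
The key-format rules in the Key row above, as an added example (not code from the ZyXEL guide or firmware): it classifies an entered key as hexadecimal or ASCII and checks whether two peers' entries yield the same key bytes. The function names are hypothetical; it assumes the 16 - 64 limit counts the hex digits after "0x", that the digit count is even, and that hex is decoded to raw bytes while ASCII is used byte for byte.

```python
import re
import string

# Characters accepted for an ASCII key: letters and digits only.
ALNUM = set(string.ascii_letters + string.digits)


def parse_key(entered: str) -> tuple[str, bytes]:
    """Classify a key field value; return (format, key_bytes) or raise ValueError."""
    if entered.startswith("0x"):
        digits = entered[2:]
        # Assumption: the 16 - 64 limit applies to the digits after the prefix.
        if not 16 <= len(digits) <= 64:
            raise ValueError("hexadecimal key needs 16 - 64 hex digits after 0x")
        if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
            raise ValueError("non-hexadecimal character after 0x")
        # Assumption: an odd digit count cannot map to whole bytes.
        if len(digits) % 2:
            raise ValueError("hexadecimal key needs an even number of digits")
        return "hex", bytes.fromhex(digits)
    if not 8 <= len(entered) <= 32 or not set(entered) <= ALNUM:
        raise ValueError("ASCII key needs 8 - 32 alphanumeric characters")
    return "ascii", entered.encode("ascii")


def peers_match(local_entry: str, remote_entry: str) -> bool:
    """True only if both peers' entries produce identical key bytes."""
    return parse_key(local_entry)[1] == parse_key(remote_entry)[1]


if __name__ == "__main__":
    # The guide's two example strings: same digits, different keys.
    for entry in ("0x0123456789ABCDEF", "0123456789ABCDEF"):
        fmt, key = parse_key(entry)
        print(f"{entry!r}: {fmt}, {len(key)} bytes, {key.hex()}")
    # One peer forgot the 0x prefix: the IKE SA would not authenticate.
    print(peers_match("0x0123456789ABCDEF", "0123456789ABCDEF"))
    # Constructed pair: hex on one side, the equivalent ASCII on the other.
    print(peers_match("0x3031323334353637", "01234567"))
```

With the guide's own example, the "0x" form is an 8-byte key and the bare form a 16-byte key, so a peer that drops the prefix ends up with a different key even though the visible digits are identical.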
ZyWALL USG 1000 User’s Guide