Chapter 20 IPSec VPN
Table 96 VPN > IPSec VPN > VPN Gateway > Edit (continued)
LABEL | DESCRIPTION |
Peer ID Type | Select which type of identification is used to identify the remote IPSec router |
| during authentication. Choices are: |
| IP - the remote IPSec router is identified by an IP address |
| DNS - the remote IPSec router is identified by a domain name |
| |
| Any - the ZyWALL does not check the identity of the remote IPSec router |
| If the ZyWALL and remote IPSec router use certificates, there is one more choice. |
| Subject Name - the remote IPSec router is identified by the subject name in the |
| certificate |
|
|
Content | This field is disabled if the Peer ID Type is Any. Type the identity of the remote |
| IPSec router during authentication. The identity depends on the Peer ID Type. |
| If the ZyWALL and remote IPSec router do not use certificates, |
| IP - type an IP address; see the note at the end of this description. |
| DNS - type the domain name; you can use up to 31 ASCII characters including |
| spaces, although trailing spaces are truncated. This value is only used for |
| identification and can be any string. |
| |
| ASCII characters including spaces, although trailing spaces are truncated. This |
| value is only used for identification and can be any string. |
| If the ZyWALL and remote IPSec router use certificates, type the following fields |
| from the certificate used by the remote IPSec router. |
| IP - subject alternative name field; see the note at the end of this description. |
| DNS - subject alternative name field |
| |
| Subject Name - subject name (maximum 255 ASCII characters, including |
| spaces) |
| Note: If Peer ID Type is IP, please read the rest of this section. |
If you type 0.0.0.0, the ZyWALL uses the IP address specified in the Secure
Gateway Address field. This is not recommended in the following situations:
•There is a NAT router between the ZyWALL and remote IPSec router.
•You want the remote IPSec router to be able to distinguish between IPSec SA requests that come from IPSec routers with dynamic WAN IP addresses.
In these situations, use a different IP address, or use a different Peer ID Type.
Extended |
|
Authentication |
|
|
|
Enable Extended | Select this if one of the routers (the ZyWALL or the remote IPSec router) verifies a |
Authentication | user name and password from the other router using the local user database and/ |
| or an external server. |
|
|
Server Mode | Select this if the ZyWALL authenticates the user name and password from the |
| remote IPSec router. You also have to select the authentication method, which |
| specifies how the ZyWALL authenticates this information. |
|
|
Client Mode | Select this radio button if the ZyWALL provides a username and password to the |
| remote IPSec router for authentication. You also have to provide the User Name |
| and the Password. |
|
|
User Name | This field is required if the ZyWALL is in Client Mode for extended authentication. |
| Type the user name the ZyWALL sends to the remote IPSec router. The user |
| name can be |
| allowed. |
|
|
Password | This field is required if the ZyWALL is in Client Mode for extended authentication. |
| Type the password the ZyWALL sends to the remote IPSec router. The password |
| can be |
| 317 |
ZyWALL USG 1000 User’s Guide | |
|
|