Chapter 20 IPSec VPN
Table 92 VPN > IPSec VPN > VPN Connection > Manual Key > Edit (continued)
LABEL | DESCRIPTION
Authentication Key | Enter the authentication key, which depends on the authentication algorithm.
 | MD5 - type a unique key
 | SHA1 - type a unique key 20 characters long
 | You can use any alphanumeric characters
 | want to enter the key in hexadecimal, type "0x" at the beginning of the key. For example, "0x0123456789ABCDEF" is in hexadecimal format; "0123456789ABCDEF" is in ASCII format. If you use hexadecimal, you must enter twice as many characters as listed above.
 | The remote IPSec router must have the same authentication key.
 | The ZyWALL ignores any characters above the minimum number of characters required by the algorithm. For example, if you enter 12345678901234567890 for an MD5 authentication key, the ZyWALL only uses 1234567890123456. The ZyWALL still stores the longer key.
Policy | You can set up overlapping local policies or overlapping remote policies in the ZyWALL.
Local Policy | Select the address or address group corresponding to the local network. Select Create Object to configure a new one.
Remote Policy | Select the address or address group corresponding to the remote network. Select Create Object to configure a new one.
Property |
My Address | Type the IP address of the ZyWALL in the IPSec SA. 0.0.0.0 is invalid.
Secure Gateway Address | Type the IP address of the remote IPSec router in the IPSec SA.
Enable NetBIOS broadcast over IPSec | Select this check box if you want the ZyWALL to send NetBIOS (Network Basic Input/Output System) packets through the IPSec SA. NetBIOS packets are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. It may sometimes be necessary to allow NetBIOS packets to pass through IPSec SAs in order to allow local computers to find computers on the remote network and vice versa.
Inbound/Outbound Traffic NAT | Click the Advanced button to show and hide this section.
Outbound Traffic |
Source NAT | This translation hides the source address of computers in the local network. It may also be necessary if you want the ZyWALL to route packets from computers outside the local network through the IPSec SA.
Source | Select the address object that represents the original source address (or select Create Object to configure a new one). This is the address object for the computer or network outside the local network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT).
Destination | Select the address object that represents the original destination address (or select Create Object to configure a new one). This is the address object for the remote network.
SNAT | Select the address object that represents the translated source address (or select Create Object to configure a new one). This is the address object for the local network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT).
Inbound Traffic |
Source NAT | This translation hides the source address of computers in the remote network.
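The key-entry rules in the Authentication Key row can be checked before both routers are configured. The sketch below is an added example, not ZyXEL code: the function names are hypothetical, the MD5 length of 16 is taken from the table's truncation example, and applying the same truncation to hexadecimal entries and rejecting short entries are assumptions.

```python
import hmac

# Key lengths in bytes. SHA1 = 20 is stated in the table; MD5 = 16 follows from
# the table's truncation example (1234567890123456 is 16 characters).
KEY_BYTES = {"MD5": 16, "SHA1": 20}


def effective_key(algorithm, entered):
    """Return (key_bytes, ignored_chars) for a manual authentication key entry.

    A leading "0x" marks hexadecimal (twice as many characters); anything else
    is ASCII. Characters beyond the required length are ignored.
    """
    need = KEY_BYTES[algorithm]
    if entered.startswith("0x"):
        digits = entered[2:]
        # Assumption: hexadecimal entries are truncated like ASCII entries.
        used, extra = digits[:need * 2], digits[need * 2:]
        if len(used) < need * 2:
            raise ValueError(f"{algorithm} hex key needs {need * 2} characters")
        key = bytes.fromhex(used)  # ValueError on non-hex characters
    else:
        used, extra = entered[:need], entered[need:]
        # Assumption: an entry shorter than the required length is rejected.
        if len(used) < need:
            raise ValueError(f"{algorithm} key needs {need} characters")
        key = used.encode("ascii")  # ValueError subclass on non-ASCII input
    return key, len(extra)


def audit_pair(algorithm, local, remote):
    """Compare the entries made on both IPSec routers and list findings."""
    lkey, lextra = effective_key(algorithm, local)
    rkey, rextra = effective_key(algorithm, remote)
    findings = []
    if not hmac.compare_digest(lkey, rkey):
        findings.append("effective keys differ: authentication will fail")
    elif local != remote:
        findings.append("entries differ but effective keys match")
    if lextra or rextra:
        findings.append(f"ignored characters: local={lextra} remote={rextra}")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the table's own example and a variant of its tail.
    print(effective_key("MD5", "12345678901234567890"))
    print(audit_pair("MD5", "12345678901234567890", "1234567890123456XXXX"))
```

A non-zero ignored count means the entry carries less key material than its length suggests, since only the first 16 (MD5) or 20 (SHA1) bytes take part in authentication.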
ZyWALL USG 300 User's Guide