ZyXEL Communications ZyWALL 1000 User Manual

 Chapter 20 IPSec VPN
ZyWALL USG 1000 User’s Guide
Authentication Key
Enter the authentication key, which depends on the authentication algorithm.
MD5 - type a unique key 16-20 characters long
SHA1 - type a unique key 20 characters long
You can use any alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-". If you 
want to enter the key in hexadecimal, type “0x” at the beginning of the key. For 
example, "0x0123456789ABCDEF" is in hexadecimal format; 
“0123456789ABCDEF” is in ASCII format. If you use hexadecimal, you must enter 
twice as many characters as listed above.
The remote IPSec router must have the same authentication key.
The ZyWALL ignores any characters above the minimum number of characters 
required by the algorithm. For example, if you enter 12345678901234567890 for an 
MD5 authentication key, the ZyWALL only uses 1234567890123456. The ZyWALL still 
stores the longer key.
Policy
You can set up overlapping local policies or overlapping remote policies in the 
ZyWALL.
Local Policy
Select the address or address group corresponding to the local network. Select 
Create Object to configure a new one. 
Remote Policy
Select the address or address group corresponding to the remote network. Select 
Create Object to configure a new one. 
Property
My Address
Type the IP address of the ZyWALL in the IPSec SA. 0.0.0.0 is invalid.
Secure Gateway Address
Type the IP address of the remote IPSec router in the IPSec SA. 
Enable NetBIOS broadcast over IPSec
Select this check box if you want the ZyWALL to send NetBIOS (Network Basic 
Input/Output System) packets through the IPSec SA. 
NetBIOS packets are TCP or UDP packets that enable a computer to connect to 
and communicate with a LAN. It may sometimes be necessary to allow NetBIOS 
packets to pass through IPSec SAs in order to allow local computers to find 
computers on the remote network and vice versa.
Advanced/Basic
Click this button to show or hide the Inbound/Outbound traffic NAT fields.
Inbound/Outbound traffic NAT
Click the Advanced or Basic button to show or hide this section.
Outbound Traffic
Source NAT
This translation hides the source address of computers in the local network. It may 
also be necessary if you want the ZyWALL to route packets from computers 
outside the local network through the IPSec SA.
Source
Select the address object that represents the original source address (or select 
Create Object to configure a new one). This is the address object for the 
computer or network outside the local network. The size of the original source 
address range (Source) must be equal to the size of the translated source 
address range (SNAT).
Destination
Select the address object that represents the original destination address (or 
select Create Object to configure a new one). This is the address object for the 
remote network.
SNAT
Select the address object that represents the translated source address (or select 
Create Object to configure a new one). This is the address object for the local 
network. The size of the original source address range (Source) must be equal to 
the size of the translated source address range (SNAT).
Inbound Traffic
Table 92   VPN > IPSec VPN > VPN Connection > Manual Key > Edit (continued)
LABEL
DESCRIPTION
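
The key-entry rules in the Authentication Key row above, as an added Python sketch (not ZyXEL code): it computes the key bytes the device would actually use, so two peers' entries can be compared before they are typed in. The function names are hypothetical, and treating hexadecimal keys as truncated after decoding is an assumption, since the manual only shows the ASCII case.

```python
import string

# ASCII key lengths from the Authentication Key row: (minimum, maximum).
# Per the manual, only the first `minimum` characters are used.
KEY_LEN = {"MD5": (16, 20), "SHA1": (20, 20)}
# Non-alphanumeric characters the manual lists as allowed in ASCII keys.
SYMBOLS = ",;|`~!@#$%^&*()_+\\{}':./<>=-\""
ALLOWED = set(string.ascii_letters + string.digits + SYMBOLS)


def effective_key(algorithm, entered):
    """Return the key bytes actually used for `entered`, or raise ValueError."""
    lo, hi = KEY_LEN[algorithm]
    if entered.startswith("0x"):
        digits = entered[2:]
        # Assumption: the doubled length counts hex digits after "0x",
        # and truncation applies to the decoded bytes as it does to ASCII.
        if not lo * 2 <= len(digits) <= hi * 2 or len(digits) % 2:
            raise ValueError(f"{algorithm} hex key needs {lo * 2}-{hi * 2} digits")
        if any(c not in string.hexdigits for c in digits):
            raise ValueError("non-hexadecimal character after 0x")
        return bytes.fromhex(digits)[:lo]
    if not lo <= len(entered) <= hi:
        raise ValueError(f"{algorithm} ASCII key needs {lo}-{hi} characters")
    bad = set(entered) - ALLOWED
    if bad:
        raise ValueError(f"characters not allowed: {sorted(bad)}")
    return entered.encode("ascii")[:lo]


def peers_match(algorithm, local, remote):
    """True when both entries reduce to the same effective key."""
    return effective_key(algorithm, local) == effective_key(algorithm, remote)


if __name__ == "__main__":
    # Constructed sample keys; the first is the manual's own example.
    print(effective_key("MD5", "12345678901234567890"))
    print(peers_match("MD5", "1234567890123456AAAA", "1234567890123456BBBB"))
    print(peers_match("MD5", "1234567890123456", "0x" + b"1234567890123456".hex()))
```

The second comparison returns True even though the entries differ: characters past the 16th of an MD5 key are stored but contribute nothing, so a mismatch there goes unnoticed.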