ZyXEL Communications VSG1432-B101 Series User Manual
Chapter 21 IPSec
VSG1432-B101 Series User’s Guide
252
Authentication
Method
Method
Select Pre-Shared Key to use a pre-shared key for authentication. A
pre-shared key identifies a communicating party during a phase 1 IKE
negotiation. It is called "pre-shared" because you have to share it with
another party before you can communicate with them over a secure
connection.
pre-shared key identifies a communicating party during a phase 1 IKE
negotiation. It is called "pre-shared" because you have to share it with
another party before you can communicate with them over a secure
connection.
Select Certificates (X.509) to use a certificate for authentication.
Pre-Shared Key
This field is available only when you select Pre-Shared Key in the
Authentication Method field.
Authentication Method field.
Type up to 15 alphanumeric characters for the pre-shared key. Both
ends of the VPN tunnel must use the same pre-shared key. You will
receive a “PYLD_MALFORMED” (payload malformed) packet if the same
pre-shared key is not used on both ends.
ends of the VPN tunnel must use the same pre-shared key. You will
receive a “PYLD_MALFORMED” (payload malformed) packet if the same
pre-shared key is not used on both ends.
Local/Remote ID
Type
Type
Select IP to identify this ZyXEL Device by its IP address.
Select DNS to identify this ZyXEL Device by a domain name.
Select E-mail to identify this ZyXEL Device by an e-mail address.
Select ASN1DN (Abstract Syntax Notation one - Distinguished Name)
to identify the remote IPSec router by the subject field in a certificate.
This is used only with certificate-based authentication.
to identify the remote IPSec router by the subject field in a certificate.
This is used only with certificate-based authentication.
Local/Remote ID
Content
Content
When you select IP in the Local/Remote ID Type field, type the IP
address of your computer in the Local/Remote ID Content field.
address of your computer in the Local/Remote ID Content field.
When you select DNS or E-mail in the Local/Remote ID Type field,
type a domain name or e-mail address by which to identify this ZyXEL
Device in the Local/Remote ID Content field. Use up to 31 ASCII
characters including spaces, although trailing spaces are truncated.
The domain name or e-mail address is for identification purposes only
and can be any string.
type a domain name or e-mail address by which to identify this ZyXEL
Device in the Local/Remote ID Content field. Use up to 31 ASCII
characters including spaces, although trailing spaces are truncated.
The domain name or e-mail address is for identification purposes only
and can be any string.
Advanced IKE
Settings
Settings
Click Show Advanced Settings to display and configure more
detailed settings of your IKE key management. Otherwise, click Hide
Advanced Settings.
detailed settings of your IKE key management. Otherwise, click Hide
Advanced Settings.
NAT_Traversal
Select Enable if you want to set up a VPN tunnel when there are NAT
routers between the ZyXEL Device and remote IPSec router. The
remote IPSec router must also enable NAT traversal, and the NAT
routers have to forward UDP port 500 packets to the remote IPSec
router behind the NAT router. Otherwise, select Disable.
routers between the ZyXEL Device and remote IPSec router. The
remote IPSec router must also enable NAT traversal, and the NAT
routers have to forward UDP port 500 packets to the remote IPSec
router behind the NAT router. Otherwise, select Disable.
Phase 1/Phase 2
Mode
Mode
Select Main or Aggressive from the drop-down list box. Multiple SAs
connecting through a secure gateway must have the same negotiation
mode.
connecting through a secure gateway must have the same negotiation
mode.
Table 87 Settings > Add/Edit: Auto(IKE)
LABEL
DESCRIPTION