ZyXEL Communications VSG1432-B101 Series User Manual

 Chapter 21 IPSec

VSG1432-B101 Series User’s Guide

Two IPSec routers must have matching ID type and content configuration in order 
to set up a VPN tunnel. 

The two ZyXEL Devices in this example can complete negotiation and establish a 
VPN tunnel.

The two ZyXEL Devices in this example cannot complete their negotiation because 
ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Remote ID type is 
set to E-mail. An “ID mismatched” message displays in the IPSEC LOG. 

A pre-shared key identifies a communicating party during a phase 1 IKE 
negotiation (see 

 for more on IKE phases). It is called 

“pre-shared” because you have to share it with another party before you can 
communicate with them over a secure connection.

E-mail

Type an e-mail address (up to 31 characters) by which to identify this 
ZyXEL Device.
The domain name or e-mail address that you use in the Local ID 
Content field is used for identification purposes only and does not need 
to be a real domain name or e-mail address.

Table 91   Local ID Type and Content Fields

Table 92   Matching ID Type and Content Configuration Example

Local ID type: E-mail

Local ID type: IP

Local ID content: tom@yourcompany.com Local ID content: 1.1.1.2
Remote ID type: IP

Remote ID type: E-mail

Remote ID content: 1.1.1.2

Remote ID content: tom@yourcompany.com

Table 93   Mismatching ID Type and Content Configuration Example

Local ID type: IP

Local ID type: IP

Local ID content: 1.1.1.10

Local ID content: 1.1.1.2

Remote ID type: E-mail

Remote ID type: IP

Remote ID content: aa@yahoo.com

Remote ID content: 1.1.1.0