ZyXEL 2WG Guía Del Usuario
Chapter 15 IPSec VPN Screens
ZyWALL 2WG User’s Guide
299
Figure 190 Gateway and Network Policies
This figure helps explain the main fields in the VPN setup.
Figure 191 IPSec Fields Summary
Negotiation Mode
It takes several steps to establish an IKE SA. The negotiation mode determines the number of
steps to use. There are two negotiation modes--main mode and aggressive mode. Main mode
provides better security, while aggressive mode is faster.
steps to use. There are two negotiation modes--main mode and aggressive mode. Main mode
provides better security, while aggressive mode is faster.
"
Both routers must use the same negotiation mode.
These modes are discussed in more detail in
Negotiation Mode
. Main mode is used in various
examples in the rest of this section.
IP Addresses of the ZyWALL and Remote IPSec Router
In the ZyWALL, you have to specify the IP addresses of the ZyWALL and the remote IPSec
router to establish an IKE SA.
You can usually provide a static IP address or a domain name for the ZyWALL. Sometimes,
your ZyWALL might also offer another alternative, such as using the IP address of a port or
interface.
You can usually provide a static IP address or a domain name for the remote IPSec router as
well. Sometimes, you might not know the IP address of the remote IPSec router (for example,
telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router
can initiate an IKE SA.
router to establish an IKE SA.
You can usually provide a static IP address or a domain name for the ZyWALL. Sometimes,
your ZyWALL might also offer another alternative, such as using the IP address of a port or
interface.
You can usually provide a static IP address or a domain name for the remote IPSec router as
well. Sometimes, you might not know the IP address of the remote IPSec router (for example,
telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router
can initiate an IKE SA.