ZyXEL 2WG User Guide

Chapter 15 IPSec VPN Screens
ZyWALL 2WG User’s Guide
• Use the VPN Global Setting screen (see 
to change settings that 
apply to all of your VPN tunnels.
15.1.2  What You Need to Know About IPSec VPN
A VPN tunnel is usually established in two phases. Each phase establishes a security 
association (SA), a contract indicating what security parameters the ZyWALL and the remote 
IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between 
the ZyWALL and remote IPSec router. The second phase uses the IKE SA to securely 
establish an IPSec SA through which the ZyWALL and remote IPSec router can send data 
between computers on the local network and remote network. The following figure illustrates 
this.
Figure 189   VPN: IKE SA and IPSec SA 
In this example, a computer in network A is exchanging data with a computer in network B.
Inside networks A and B, the data is transmitted the same way data is normally transmitted in 
the networks. Between routers X and Y, the data is protected by tunneling, encryption, 
authentication, and other security features of the IPSec SA. The IPSec SA is established 
securely using the IKE SA that routers X and Y established first.
The rest of this section discusses IKE SA and IPSec SA in more detail.
Gateway and Network Policies
A VPN (Virtual Private Network) tunnel gives you a secure connection to another computer or 
network.
• A gateway policy contains the IKE SA settings. It identifies the IPSec routers at either end 
of a VPN tunnel. 
• A network policy contains the IPSec SA settings. It specifies which devices (behind the 
IPSec routers) can use the VPN tunnel.
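The following added Python example (not ZyXEL code or ZyWALL configuration) models how the two policy types map onto the two phases: a flow must match a network policy before it may use the tunnel, the IKE SA of the owning gateway policy is set up first, and the IPSec SA is then negotiated under it. All names, addresses and subnets are constructed, and holding two network policies under one gateway policy is an assumption made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NetworkPolicy:
    """IPSec SA settings: which devices behind each router may use the tunnel."""
    name: str
    local: str            # subnet behind this router (constructed value)
    remote: str           # subnet behind the remote IPSec router
    ipsec_sa_up: bool = False

    def covers(self, src: str, dst: str) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.local)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.remote))

@dataclass
class GatewayPolicy:
    """IKE SA settings: identifies the IPSec routers at either end of the tunnel."""
    name: str
    my_address: str
    peer_address: str
    networks: list = field(default_factory=list)
    ike_sa_up: bool = False

def negotiate(gateways, src, dst):
    """Return (gateway, network policy, phases run) for a flow, or None when
    no network policy covers it and the flow may not use any tunnel."""
    for gw in gateways:
        for net in gw.networks:
            if not net.covers(src, dst):
                continue
            phases = []
            if not gw.ike_sa_up:          # phase 1 comes first
                gw.ike_sa_up = True
                phases.append("phase 1: IKE SA")
            if not net.ipsec_sa_up:       # phase 2 is negotiated under the IKE SA
                net.ipsec_sa_up = True
                phases.append("phase 2: IPSec SA")
            return gw.name, net.name, phases
    return None

def sample_gateways():
    """Constructed sample: router X (network A) peering with router Y (network B)."""
    return [GatewayPolicy("X-to-Y", "198.51.100.1", "203.0.113.1", networks=[
        NetworkPolicy("A-to-B", "192.168.1.0/24", "192.168.2.0/24"),
        NetworkPolicy("A2-to-B", "192.168.10.0/24", "192.168.2.0/24"),
    ])]
```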