Справочник Пользователя для ZyXEL Communications 5 Series

 Chapter 19 IPSec VPN

ZyWALL 5/35/70 Series User’s Guide

Click SECURITY > VPN and the add network policy (

) icon or a network policy’s edit 

icon in the VPN Rules (IKE) screen to display the VPN-Network Policy -Edit screen. Use 
this screen to configure a network policy. A network policy identifies the devices behind the 
IPSec routers at either end of a VPN tunnel and specifies the authentication, encryption and 
other settings needed to negotiate a phase 2 IPSec SA.

Enable Multiple 
Proposals

Select this to allow the ZyWALL to use any of its phase 1 key groups and 
encryption and authentication algorithms when negotiating an IKE SA. 
When you enable multiple proposals, the ZyWALL allows the remote IPSec 
router to select which phase 1 key groups and encryption and authentication 
algorithms to use for the IKE SA, even if they are less secure than the ones you 
configure for the VPN rule.
Clear this to have the ZyWALL use only the configured phase 1 key groups and 
encryption and authentication algorithms when negotiating an IKE SA.

Associated 
Network Policies

The following table shows the policy(ies) you configure for this rule. 
To add a VPN policy, click the add network policy (

) icon in the VPN Rules 

(IKE) screen (see 

). Refer to 

for more information.

#

This field displays the policy index number. 

Name

This field displays the policy name. 

Local Network 

This field displays one or a range of IP address(es) of the computer(s) behind the 
ZyWALL. 

Remote Network

This field displays one or a range of IP address(es) of the remote network behind 
the remote IPsec router. 

Edit

Click this icon to open the screen where you can configure the network policy.

Delete

Click this icon to remove the network policy.

Apply

Click Apply to save your changes back to the ZyWALL.

Cancel

Click Cancel to exit this screen without saving.

Table 101   SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy  (continued)