ZyXEL SBG3300-NB00 User Guide - Page 282
User-FQDN, Local ID Type, Remote ID Type, Negotiation Mode, Pre-Shared Key, Table 90, LABEL,
View all ZyXEL SBG3300-NB00 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 282 highlights
Chapter 20 IPSec VPN Table 90 VPN > IPSec VPN > Setup > Edit (continued) LABEL Pre-Shared Key DESCRIPTION Select this to have the Device and remote IPSec router use a pre-shared key (password) to identify each other when they negotiate the IKE SA. Type the pre-shared key in the field to the right. The pre-shared key can be • 8 - 32 alphanumeric characters or 8 - 32 pairs of hexadecimal (0-9, A-F) characters, preceded by "0x". If you want to enter the key in hexadecimal, type "0x" at the beginning of the key. For example, "0x0123456789ABCDEF" is in hexadecimal format; in "0123456789ABCDEF" is in ASCII format. If you use hexadecimal, you must enter twice as many characters since you need to enter pairs. The Device and remote IPSec router must use the same pre-shared key. Certificate Note: All remote access application scenario of IPsec rules must use the same preshared key. In order to use Certificate for IPsec authentication, you need to add new host certificates in the Security > Certificates screen. See a tutorial on how to add new host certificates in Chapter 4 on page 57. Select this to have the Device and remote IPSec router use certificates to authenticate each other when they negotiate the IKE SA. Then select the certificate the Device uses to identify itself to the remote IPsec router. This certificate is one of the certificates in Certificates. If this certificate is self-signed, import it into the remote IPsec router. If this certificate is signed by a CA, the remote IPsec router must trust that CA. Local/Remote ID Type Note: The IPSec routers must trust each other's certificates. The Device uses one of its Trusted Certificates to authenticate the remote IPSec router's certificate. The trusted certificate can be a self-signed certificate or that of a trusted CA that signed the remote IPSec router's certificate. Select which type of identification is used to identify the Device during authentication. Any - The Device does not check the identity of the itself/remote IPSec router. IP - The Device/remote IPSec router is identified by its IP address. FQDN - The Device/remote IPSec router is identified by a domain name. User-FQDN - The Device/remote IPSec router is identified by an e-mail address. Local/Remote ID Content Note: The options FQDN and User-FQDN of Local ID Type and Remote ID Type are not applicable if you select Main as the Negotiation Mode with Pre-Shared Key. When you select IP in the Local/Remote ID Type field, type the IP address of your computer in the Local/Remote ID Content field. When you select FQDN or User-FQDN in the Local/Remote ID Type field, type a domain name or e-mail address by which to identify this Device in the Local/Remote ID Content field. 282 SBG3300-N Series User's Guide