ZyXEL SBG3300-NB00 User Guide - Page 294
Chapter 20 IPSec VPN

distinguish incoming SAs because you can select between three encryption algorithms (DES, 3DES and AES), two authentication algorithms (MD5 and SHA1) and eight key groups when you configure a VPN rule (see Section 20.4 on page 278). The ID type and content act as an extra level of identification for incoming SAs.

The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address.

Table 96 Local ID Type and Content Fields

LOCAL ID TYPE=    CONTENT=
IP                Type the IP address of your computer.
FQDN              Type a domain name (up to 31 characters) by which to identify this Device.
User-FQDN         Type an e-mail address (up to 31 characters) by which to identify this Device.

The domain name or e-mail address that you use in the Local ID Content field is used for identification purposes only and does not need to be a real domain name or e-mail address.

20.7.7.1 ID Type and Content Examples

Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel.

The two Devices in this example can complete negotiation and establish a VPN tunnel.

Table 97 Matching ID Type and Content Configuration Example

DEVICE A                               DEVICE B
Local ID type: User-FQDN               Local ID type: IP
Local ID content: [email protected]    Local ID content: 1.1.1.2
Remote ID type: IP                     Remote ID type: E-mail
Remote ID content: 1.1.1.2             Remote ID content: [email protected]

The two Devices in this example cannot complete their negotiation because Device B's Local ID type is IP, but Device A's Remote ID type is set to E-mail. An "ID mismatched" message displays in the IPSEC LOG.

Table 98 Mismatching ID Type and Content Configuration Example

DEVICE A                               DEVICE B
Local ID type: IP                      Local ID type: IP
Local ID content: 1.1.1.10             Local ID content: 1.1.1.2
Remote ID type: User-FQDN              Remote ID type: IP
Remote ID content: [email protected]   Remote ID content: 1.1.1.0

20.7.8 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 20.7.3 on page 291 for more on IKE phases). It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.

294 SBG3300-N Series User's Guide
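The matching rule from Section 20.7.7.1 can be checked offline before a rule is entered on both ends. The following is an added example, not part of the guide or the device firmware: `Peer`, `norm` and `check_pair` are hypothetical names, the e-mail address is a constructed stand-in for the one in Tables 97 and 98, and exact string comparison of the content is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# The guide uses "E-mail" and "User-FQDN" for the same ID type (Table 97).
ALIASES = {"e-mail": "user-fqdn", "email": "user-fqdn"}
MAX_NAME_LEN = 31  # limit Table 96 gives for FQDN and User-FQDN content

@dataclass
class Peer:
    name: str
    local_type: str
    local_content: str
    remote_type: str
    remote_content: str

def norm(id_type, content):
    """Normalize an (ID type, content) pair; raise ValueError if it is invalid."""
    t = ALIASES.get(id_type.strip().lower(), id_type.strip().lower())
    c = content.strip()
    if t == "ip":
        c = str(ipaddress.ip_address(c))  # rejects malformed addresses
    elif t in ("fqdn", "user-fqdn"):
        if len(c) > MAX_NAME_LEN:
            raise ValueError(f"{t} content longer than {MAX_NAME_LEN} characters")
    else:
        raise ValueError(f"unknown ID type: {id_type!r}")
    return t, c

def check_pair(a, b):
    """Return mismatch descriptions; an empty list means the IDs agree both ways."""
    problems = []
    for src, dst in ((a, b), (b, a)):
        local = norm(src.local_type, src.local_content)
        expected = norm(dst.remote_type, dst.remote_content)
        for label, got, want in zip(("type", "content"), local, expected):
            if got != want:
                problems.append(f"{src.name} local ID {label} {got!r} != "
                                f"{dst.name} remote ID {label} {want!r}")
    return problems

# Constructed sample data: layout of Tables 97 and 98, placeholder e-mail address.
TABLE_97 = (Peer("A", "User-FQDN", "admin@example.test", "IP", "1.1.1.2"),
            Peer("B", "IP", "1.1.1.2", "E-mail", "admin@example.test"))
TABLE_98 = (Peer("A", "IP", "1.1.1.10", "User-FQDN", "admin@example.test"),
            Peer("B", "IP", "1.1.1.2", "IP", "1.1.1.0"))

if __name__ == "__main__":
    for title, pair in (("Table 97", TABLE_97), ("Table 98", TABLE_98)):
        print(title, check_pair(*pair) or "IDs match")
```

Run against the Table 98 values, the check reports the type mismatch the guide describes and also the content mismatches in both directions.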