ZyXEL ISG50-PSTN User Guide - Page 386
IPSec VPN Background Information
View all ZyXEL ISG50-PSTN manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 386 highlights
Chapter 24 IPSec VPN Table 126 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Enable Extended Authentication Select this if one of the routers (the ISG50 or the remote IPSec router) verifies a user name and password from the other router using the local user database and/or an external server. Server Mode Select this if the ISG50 authenticates the user name and password from the remote IPSec router. You also have to select the authentication method, which specifies how the ISG50 authenticates this information. Client Mode Select this radio button if the ISG50 provides a username and password to the remote IPSec router for authentication. You also have to provide the User Name and the Password. User Name This field is required if the ISG50 is in Client Mode for extended authentication. Type the user name the ISG50 sends to the remote IPSec router. The user name can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed. Password This field is required if the ISG50 is in Client Mode for extended authentication. Type the password the ISG50 sends to the remote IPSec router. The password can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed. OK Click OK to save your settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 24.4 IPSec VPN Background Information Here is some more detailed IPSec VPN background information. IKE SA Overview The IKE SA provides a secure connection between the ISG50 and remote IPSec router. It takes several steps to establish an IKE SA. The negotiation mode determines how many. There are two negotiation modes--main mode and aggressive mode. Main mode provides better security, while aggressive mode is faster. Note: Both routers must use the same negotiation mode. These modes are discussed in more detail in Negotiation Mode on page 389. Main mode is used in various examples in the rest of this section. IP Addresses of the ISG50 and Remote IPSec Router To set up an IKE SA, you have to specify the IP addresses of the ISG50 and remote IPSec router. You can usually enter a static IP address or a domain name for either or both IP addresses. Sometimes, your ISG50 might offer another alternative, such as using the IP address of a port or interface, as well. You can also specify the IP address of the remote IPSec router as 0.0.0.0. This means that the remote IPSec router can have any IP address. In this case, only the remote IPSec router can initiate an IKE SA because the ISG50 does not know the IP address of the remote IPSec router. This is often used for telecommuters. 386 ISG50 User's Guide