ZyXEL UAG2100 User Guide - Page 352
Peer ID Type, Table 158, LABEL, DESCRIPTION
View all ZyXEL UAG2100 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 352 highlights
Chapter 30 IPSec VPN Table 158 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit (continued) LABEL Content DESCRIPTION This field is disabled if the Peer ID Type is Any. Type the identity of the remote IPSec router during authentication. The identity depends on the Peer ID Type. If the UAG and remote IPSec router do not use certificates, IPv4 - type an IP address; see the note at the end of this description. DNS - type the domain name; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string. E-mail - the remote IPSec router is identified by the string you specify here; you can use up to 31 ASCII characters including spaces, although trailing spaces are truncated. This value is only used for identification and can be any string. If the UAG and remote IPSec router use certificates, type the following fields from the certificate used by the remote IPSec router. IPv4 - subject alternative name field; see the note at the end of this description. DNS - subject alternative name field E-mail - subject alternative name field Subject Name - subject name (maximum 255 ASCII characters, including spaces) Note: If Peer ID Type is IPv4, please read the rest of this section. Phase 1 Settings SA Life Time (Seconds) Negotiation Mode Proposal Add Edit Remove # If you type 0.0.0.0, the UAG uses the IP address specified in the Secure Gateway Address field. This is not recommended in the following situations: • There is a NAT router between the UAG and remote IPSec router. • You want the remote IPSec router to be able to distinguish between IPSec SA requests that come from IPSec routers with dynamic WAN IP addresses. In these situations, use a different IP address, or use a different Peer ID Type. Type the maximum number of seconds the IKE SA can last. When this time has passed, the UAG and remote IPSec router have to update the encryption and authentication keys and re-negotiate the IKE SA. This does not affect any existing IPSec SAs, however. Select the negotiation mode to use to negotiate the IKE SA. Choices are Main - this encrypts the UAG's and remote IPSec router's identities but takes more time to establish the IKE SA Aggressive - this is faster but does not encrypt the identities The UAG and the remote IPSec router must use the same negotiation mode. Use this section to manage the encryption algorithm and authentication algorithm pairs the UAG accepts from the remote IPSec router for negotiating the IKE SA. Click this to create a new entry. Select an entry and click this to be able to modify it. Select an entry and click this to delete it. This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly. UAG Series User's Guide 352