ZyXEL UAG715 User Guide - Page 268
Table 105, Label, Description
View all ZyXEL UAG715 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 268 highlights
Chapter 22 IPSec VPN Each field is described in the following table. Table 105 Configuration > VPN > IPSec VPN > VPN Gateway > Edit LABEL Show Advanced Settings / Hide Advanced Settings General Settings Enable VPN Gateway Name Gateway Settings My Address DESCRIPTION Click this button to display a greater or lesser number of configuration fields. Select this check box to activate this VPN gateway policy. Type the name used to identify this VPN gateway. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. Select how the IP address of the UAG in the IKE SA is defined. If you select Interface, select the Ethernet interface, VLAN interface, virtual Ethernet interface, virtual VLAN interface or PPPoE/PPTP interface. The IP address of the UAG in the IKE SA is the IP address of the interface. Peer Gateway Address If you select Domain Name / IP, enter the domain name or the IP address of the UAG. The IP address of the UAG in the IKE SA is the specified IP address or the IP address corresponding to the domain name. 0.0.0.0 is not generally recommended as it has the UAG accept IPSec requests destined for any interface address on the UAG. Select how the IP address of the remote IPSec router in the IKE SA is defined. Select Static Address to enter the domain name or the IP address of the remote IPSec router. You can provide a second IP address or domain name for the UAG to try if it cannot establish an IKE SA with the first one. Authentication Select Dynamic Address if the remote IPSec router has a dynamic IP address (and does not use DDNS). Note: The UAG and remote IPSec router must use the same authentication method to establish the IKE SA. Pre-Shared Key Certificate Select this to have the UAG and remote IPSec router use a pre-shared key (password) to identify each other when they negotiate the IKE SA. Type the pre-shared key in the field to the right. The pre-shared key can be: • alphanumeric characters or pairs of hexadecimal (0-9, A-F) characters, preceded by "0x". Type "0x" at the beginning of a hexadecimal key. For example, "0x0123456789ABCDEF" is in hexadecimal format; "0123456789ABCDEF" is in ASCII format. If you use hexadecimal, you must enter twice as many characters since you need to enter pairs. The UAG and remote IPSec router must use the same pre-shared key. Select this to have the UAG and remote IPSec router use certificates to authenticate each other when they negotiate the IKE SA. Then select the certificate the UAG uses to identify itself to the remote IPsec router. This certificate is one of the certificates in My Certificates. If this certificate is selfsigned, import it into the remote IPsec router. If this certificate is signed by a CA, the remote IPsec router must trust that CA. Note: The IPSec routers must trust each other's certificates. The UAG uses one of its Trusted Certificates to authenticate the remote IPSec router's certificate. The trusted certificate can be a self-signed certificate or that of a trusted CA that signed the remote IPSec router's certificate. 268 UAG715 User's Guide