ZyXEL UAG715 User Guide - Page 272
IPSec VPN Background Information
Chapter 22 IPSec VPN

Table 105 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued)

LABEL: DESCRIPTION

User Name: This field is required if the UAG is in Client Mode for extended authentication. Type the user name the UAG sends to the remote IPSec router. The user name can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.

Password: This field is required if the UAG is in Client Mode for extended authentication. Type the password the UAG sends to the remote IPSec router. The password can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.

OK: Click OK to save your settings and exit this screen.

Cancel: Click Cancel to exit this screen without saving.

22.4 IPSec VPN Background Information

Here is some more detailed IPSec VPN background information.

IKE SA Overview

The IKE SA provides a secure connection between the UAG and remote IPSec router.

It takes several steps to establish an IKE SA. The negotiation mode determines how many. There are two negotiation modes: main mode and aggressive mode. Main mode provides better security, while aggressive mode is faster.

Note: Both routers must use the same negotiation mode.

These modes are discussed in more detail in Negotiation Mode on page 275. Main mode is used in various examples in the rest of this section.

IP Addresses of the UAG and Remote IPSec Router

To set up an IKE SA, you have to specify the IP addresses of the UAG and remote IPSec router. You can usually enter a static IP address or a domain name for either or both IP addresses. Sometimes, your UAG might offer another alternative, such as using the IP address of a port or interface, as well.

You can also specify the IP address of the remote IPSec router as 0.0.0.0. This means that the remote IPSec router can have any IP address. In this case, only the remote IPSec router can initiate an IKE SA because the UAG does not know the IP address of the remote IPSec router. This is often used for telecommuters.

IKE SA Proposal

The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the UAG and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated next.
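
The following is an added example, not part of the ZyXEL guide and not the illustration the guide refers to. It checks a pair of gateway settings against the rules stated on this page: matching negotiation mode, a shared proposal, who can initiate when a peer address is 0.0.0.0, and the 1-31 character extended-authentication fields. The dictionary keys, host name and algorithm names are assumptions made for the example.

```python
"""Pre-flight check of two gateways' IKE SA (phase 1) settings.
Added example: dictionary keys are hypothetical, not a ZyXEL config format."""

ANY_PEER = "0.0.0.0"  # guide: the remote IPSec router can have any IP address


def valid_xauth_field(value):
    """Guide's rule: 1-31 ASCII characters, spaces not allowed.
    Assumption: control characters are rejected as well."""
    return (1 <= len(value) <= 31 and value.isascii()
            and value.isprintable() and " " not in value)


def check_phase1(local, remote):
    """Return (findings, initiators) for a pair of gateway settings."""
    findings = []
    if local["mode"] != remote["mode"]:
        findings.append("negotiation mode mismatch")
    elif local["mode"] == "aggressive":
        findings.append("aggressive mode in use; main mode provides better security")
    if not set(local["proposals"]) & set(remote["proposals"]):
        findings.append("no common proposal (encryption, authentication, DH group)")
    # A gateway whose peer address is 0.0.0.0 cannot initiate the IKE SA.
    initiators = [gw["name"] for gw in (local, remote) if gw["peer"] != ANY_PEER]
    if not initiators:
        findings.append("both peer addresses are 0.0.0.0; neither side can initiate")
    for gw in (local, remote):
        xauth = gw.get("xauth_client") or {}
        for field in ("user", "password"):
            if xauth and not valid_xauth_field(xauth[field]):
                findings.append(f"{gw['name']}: XAUTH {field} violates 1-31 ASCII/no-space rule")
    return findings, initiators


# Constructed sample settings; algorithm names are illustrative only.
UAG = {"name": "uag", "mode": "main", "peer": ANY_PEER,
       "proposals": [("3des", "sha1", "dh2"), ("aes128", "sha1", "dh2")],
       "xauth_client": None}
REMOTE = {"name": "telecommuter", "mode": "aggressive", "peer": "uag.example.com",
          "proposals": [("aes128", "md5", "dh1")],
          "xauth_client": {"user": "road warrior", "password": "constructed-pass"}}

if __name__ == "__main__":
    findings, initiators = check_phase1(UAG, REMOTE)
    print("can initiate:", initiators)
    for finding in findings:
        print("finding:", finding)
```

The findings name the offending field but never echo the credential value, so the output is safe to keep in a change ticket.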