ZyXEL VMG8324 User Guide - Page 224
Table 104, Label, Description
View all ZyXEL VMG8324 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 224 highlights
Chapter 20 VPN Table 104 Security > IPSec VPN: Add/Edit LABEL IP Address for VPN IP Subnetmask Tunnel access from remote IP addresses IP Address for VPN DESCRIPTION If Single Address is selected, enter a (static) IP address on the LAN behind your Device. If Subnet is selected, specify IP addresses on a network by their subnet mask by entering a (static) IP address on the LAN behind your Device. Then enter the subnet mask to identify the network address. If Subnet is selected, enter the subnet mask to identify the network address. Select Single Address to have only one remote LAN IP address use the VPN tunnel. Select Subnet to specify remote LAN IP addresses by their subnet mask. If Single Address is selected, enter a (static) IP address on the LAN behind the remote IPSec's router. IP Subnetmask Protocol If Subnet is selected, specify IP addresses on a network by their subnet mask by entering a (static) IP address on the LAN behind the remote IPSec's router. Then enter the subnet mask to identify the network address. If Subnet is selected, enter the subnet mask to identify the network address. Select which protocol you want to use in the IPSec SA. Choices are: AH (RFC 2402) - provides integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not encryption. If you select AH, you must select an Integraty Algorithm. ESP (RFC 2406) - provides encryption and the same services offered by AH, but its authentication is weaker. If you select ESP, you must select an Encryption Agorithm and Integraty Algorithm. Key Exchange Method Both AH and ESP increase processing requirements and latency (delay). The Device and remote IPSec router must use the same active protocol. Select the key exchange method: Auto(IKE) - Select this to use automatic IKE key management VPN connection policy. Manual - Select this option to configure a VPN connection policy that uses a manual key instead of IKE key management. This may be useful if you have problems with IKE key management. Authentication Method Pre-Shared Key Local ID Type Note: Only use manual key as a temporary solution, because it is not as secure as a regular IPSec SA. Select Pre-Shared Key to use a pre-shared key for authentication, and type in your preshared key. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Select Certificate (X.509) to use a certificate for authentication. Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal and "0123456789ABCDEF" is the key itself. Select IP to identify the Device by its IP address. Select E-mail to identify this Device by an e-mail address. Select DNS to identify this Device by a domain name. Select ASN1DN (Abstract Syntax Notation one - Distinguished Name) to this Device by the subject field in a certificate. This is used only with certificate-based authentication. 224 VMG8324-B10A / VMG8324-B30A Series User's Guide