ZyXEL VMG8324 User Guide - Page 234
Pre-Shared Key, Diffie-Hellman DH Key Groups
Chapter 20 VPN

The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address.

Table 108 Local ID Type and Content Fields

  LOCAL ID TYPE   CONTENT
  IP              Type the IP address of your computer.
  DNS             Type a domain name (up to 31 characters) by which to identify this Device.
  E-mail          Type an e-mail address (up to 31 characters) by which to identify this Device.

The domain name or e-mail address that you use in the Local ID Content field is used for identification purposes only and does not need to be a real domain name or e-mail address.

20.5.7.1 ID Type and Content Examples

Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two Devices in this example can complete negotiation and establish a VPN tunnel.

Table 109 Matching ID Type and Content Configuration Example

                      DEVICE A              DEVICE B
  Local ID type:      E-mail                IP
  Local ID content:   [email protected]     1.1.1.2
  Remote ID type:     IP                    E-mail
  Remote ID content:  1.1.1.2               [email protected]

The two Devices in this example cannot complete their negotiation because Device B's Local ID Type is IP, but Device A's Remote ID Type is set to E-mail. An "ID mismatched" message displays in the IPSEC LOG.

Table 110 Mismatching ID Type and Content Configuration Example

                      DEVICE A              DEVICE B
  Local ID type:      IP                    IP
  Local ID content:   1.1.1.10              1.1.1.2
  Remote ID type:     E-mail                IP
  Remote ID content:  [email protected]     1.1.1.0

20.5.8 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 20.5.3 on page 230 for more on IKE phases). It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
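As an added illustration of the ID matching rule (this is example code, not part of the ZyXEL guide), the Python checker below validates each ID against the constraints in Table 108 and then applies the rule from Tables 109 and 110 in both directions, so a mismatch in either peer's Remote ID is reported before the tunnel is attempted. The requirement that IP content parse as an IP address, and the e-mail address used in the sample data, are assumptions of this example.

```python
import ipaddress
from collections import namedtuple
from typing import List, Optional

MAX_NAME_LEN = 31  # the guide caps DNS and E-mail ID content at 31 characters

# One router's IKE identity settings: its own Local ID and the Remote ID it expects from the peer.
PeerIds = namedtuple("PeerIds", "local_type local_content remote_type remote_content")

def validate_id(id_type: str, content: str) -> Optional[str]:
    """Describe why a single ID is malformed, or return None if it is acceptable."""
    if id_type == "IP":
        try:
            ipaddress.ip_address(content)  # assumption: IP content must parse as an IP address
        except ValueError:
            return f"IP ID content {content!r} is not a valid IP address"
    elif id_type in ("DNS", "E-mail"):
        if not 1 <= len(content) <= MAX_NAME_LEN:
            return f"{id_type} ID content must be 1 to {MAX_NAME_LEN} characters"
    else:
        return f"unknown ID type {id_type!r}"
    return None

def check_pair(a: PeerIds, b: PeerIds) -> List[str]:
    """List every reason phase 1 ID checking fails between Devices A and B (empty = match).
    Each side's Remote ID must equal the other side's Local ID in both type and content."""
    problems = []
    for name, peer in (("A", a), ("B", b)):
        for role, t, c in (("Local", peer.local_type, peer.local_content),
                           ("Remote", peer.remote_type, peer.remote_content)):
            err = validate_id(t, c)
            if err:
                problems.append(f"Device {name} {role} ID: {err}")
    if problems:  # do not compare IDs that are malformed on their own
        return problems
    for name, me, other, oname in (("A", a, b, "B"), ("B", b, a, "A")):
        for field in ("type", "content"):
            mine, theirs = getattr(me, f"remote_{field}"), getattr(other, f"local_{field}")
            if mine != theirs:
                problems.append(f"ID mismatched: Device {name} Remote ID {field} {mine!r} "
                                f"!= Device {oname} Local ID {field} {theirs!r}")
                break  # one finding per direction; type is checked before content
    return problems

# Constructed inputs mirroring Table 109 (matching) and Table 110 (mismatching);
# the e-mail address is a placeholder, not the guide's example address.
TABLE_109 = (PeerIds("E-mail", "deviceA@example.com", "IP", "1.1.1.2"),
             PeerIds("IP", "1.1.1.2", "E-mail", "deviceA@example.com"))
TABLE_110 = (PeerIds("IP", "1.1.1.10", "E-mail", "deviceA@example.com"),
             PeerIds("IP", "1.1.1.2", "IP", "1.1.1.0"))
```

Run against the Table 110 data the checker reports the type mismatch the guide describes and, in the other direction, the content mismatch (1.1.1.0 against 1.1.1.10), which the guide's text does not call out.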
20.5.9 Diffie-Hellman (DH) Key Groups

Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys.

234 VMG8324-B10A / VMG8324-B30A Series User's Guide