ZyXEL Vantage CNM User Guide - Page 340
same authentication method to establish the IKE SA.
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 340 highlights
Chapter 11 IPSec VPN Table 133 Device Operation > Device Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued) LABEL DESCRIPTION Secure Gateway Address Select how the IP address of the remote IPSec router in the IKE SA is defined. Select Static Address to enter the domain name or the IP address of the remote IPSec router. You can provide a second IP address or domain name for the ZyWALL to try if it cannot establish an IKE SA with the first one. Authentication Method Select Dynamic Address if the remote IPSec router has a dynamic IP address (and does not use DDNS). Note: The ZyWALL and remote IPSec router must use the same authentication method to establish the IKE SA. Pre-Shared Key Select this to have the ZyWALL and remote IPSec router use a preshared key (password) to identify each other when they negotiate the IKE SA. Type the pre-shared key in the field to the right. The preshared key can be • 8 - 32 alphanumeric characters or • 8 - 32 pairs of hexadecimal (0-9, A-F) characters, preceded by "0x". If you want to enter the key in hexadecimal, type "0x" at the beginning of the key. For example, "0x0123456789ABCDEF" is in hexadecimal format; in "0123456789ABCDEF" is in ASCII format. If you use hexadecimal, you must enter twice as many characters since you need to enter pairs. Certificate The ZyWALL and remote IPSec router must use the same pre-shared key. Select this to have the ZyWALL and remote IPSec router use certificates to authenticate each other when they negotiate the IKE SA. Then select the certificate the ZyWALL uses to identify itself to the remote IPsec router. This certificate is one of the certificates in My Certificates. If this certificate is self-signed, import it into the remote IPsec router. If this certificate is signed by a CA, the remote IPsec router must trust that CA. Note: The IPSec routers must trust each other's certificates. The ZyWALL uses one of its Trusted Certificates to authenticate the remote IPSec router's certificate. The trusted certificate can be a self-signed certificate or that of a trusted CA that signed the remote IPSec router's certificate. 340 Vantage CNM User's Guide