ZyXEL ZYWALL USG 100 User Guide - Page 90
What Can Go Wrong, 4.7 One-Time Password Version 2 (OTPv2 - user manual
View all ZyXEL ZYWALL USG 100 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 90 highlights
Chapter 4 Create Secure Connections Across the Internet 19 Access a server or other network resource behind the ZyWALL to make sure your access works. 4.6.7 What Can Go Wrong The IPSec VPN connection must: • Be enabled • Use transport mode • Not be a manual key VPN connection • Use Pre-Shared Key authentication • Use a VPN gateway with the Secure Gateway set to 0.0.0.0 if you need to allow L2TP VPN clients to connect from more than one IP address. Disconnect any existing L2TP VPN sessions before modifying L2TP VPN settings. The remote users must make any needed matching configuration changes and re-establish the sessions using the new settings. 4.7 One-Time Password Version 2 (OTPv2) Two-factor authentication requires a user to provide two kinds of identification. Purchase the ZyWALL OTPv2 One-Time Password System for strong two-factor authentication for Web Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins. For each login a user must use his ZyWALL OTPv2 token to generate a new OTP password and use it along with his normal account user name and password (the second kind of identification). An attacker cannot reuse an OTP password that was already used for login because it is no longer valid. The system contains SafeWord 2008 authentication server software, hardware OTPv2 tokens, and software OTPv2 tokens for Windows computers and Android and iOS mobile devices. Figure 33 OTPv2 Example ***** OTP PIN SafeWord 2008 Authentication Server File Server Email Server Web-based Application Here is an overview of how to use OTP. See the ZyWALL OTPv2 support note for details. 90 ZyWALL USG100-PLUS User's Guide