ZyXEL ZyWALL USG 2000 User Guide - Page 464
Chapter 25 IPSec VPN

Table 121 Configuration > VPN > IPSec VPN > VPN Gateway > Edit (continued)

LABEL: DESCRIPTION

NAT Traversal: Select this if any of these conditions are satisfied.
• This IKE SA might be used to negotiate IPSec SAs that use ESP as the active protocol.
• There are one or more NAT routers between the ZyWALL and remote IPSec router, and these routers do not support IPSec pass-thru or a similar feature.
The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward packets with UDP port 500 and UDP 4500 headers unchanged.

Dead Peer Detection (DPD): Select this check box if you want the ZyWALL to make sure the remote IPSec router is there before it transmits data through the IKE SA. The remote IPSec router must support DPD. If there has been no traffic for at least 15 seconds, the ZyWALL sends a message to the remote IPSec router. If the remote IPSec router responds, the ZyWALL transmits the data. If the remote IPSec router does not respond, the ZyWALL shuts down the IKE SA.
If the remote IPSec router does not support DPD, see if you can use the VPN connection connectivity check (see Section 25.2.1 on page 446).

More Settings/Less Settings: Click this button to show or hide the Extended Authentication fields.

Extended Authentication: When multiple IPSec routers use the same VPN tunnel to connect to a single VPN tunnel (telecommuters sharing a tunnel for example), use extended authentication to enforce a user name and password check. This way even though they all know the VPN tunnel's security settings, each still has to provide a unique user name and password.

Enable Extended Authentication: Select this if one of the routers (the ZyWALL or the remote IPSec router) verifies a user name and password from the other router using the local user database and/or an external server.

Server Mode: Select this if the ZyWALL authenticates the user name and password from the remote IPSec router. You also have to select the authentication method, which specifies how the ZyWALL authenticates this information.

Client Mode: Select this radio button if the ZyWALL provides a username and password to the remote IPSec router for authentication. You also have to provide the User Name and the Password.

User Name: This field is required if the ZyWALL is in Client Mode for extended authentication. Type the user name the ZyWALL sends to the remote IPSec router. The user name can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.

Password: This field is required if the ZyWALL is in Client Mode for extended authentication. Type the password the ZyWALL sends to the remote IPSec router. The password can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed.

OK: Click OK to save your settings and exit this screen.

Cancel: Click Cancel to exit this screen without saving.