ZyXEL USG110/210/310 User Guide - Page 631
IPSec VPN Background Information
View all ZyXEL USG110/210/310 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 631 highlights
Chapter 30 IPSec VPN Table 226 Configuration > VPN > IPSec VPN > Configuration Provisioning (continued) LABEL DESCRIPTION Add Click Add to bind a configured VPN rule to a user or group. Only that user or group may then retrieve the specified VPN rule settings. Edit Remove Activate Inactivate Move Status Priority VPN Connection Allowed User If you click Add without selecting an entry in advance then the new entry appears as the first entry. Entry order is important as the Zyxel Device searches entries in the order listed here to find a match. After a match is found, the Zyxel Device stops searching. If you want to add an entry as number three for example, then first select entry 2 and click Add. To reorder an entry, use Move. Select an existing entry and click Edit to change its settings. To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove it before doing so. To turn on an entry, select it and click Activate. Make sure that Enable Configuration Provisioning is also selected. To turn off an entry, select it and click Inactivate. Use Move to reorder a selected entry. Select an entry, click Move, type the number where the entry should be moved, press , then click Apply. This icon shows if the entry is active (yellow) or not (gray). VPN rule settings can only be retrieved when the entry is activated (and Enable Configuration Provisioning is also selected). Priority shows the order of the entry in the list. Entry order is important as the Zyxel Device searches entries in the order listed here to find a match. After a match is found the Zyxel Device stops searching. This field shows all configured VPN rules that match the rule criteria for the Zyxel Device IPSec VPN client. Select a rule to bind to the associated user or group. Select which user or group of users is allowed to retrieve the associated VPN rule settings using the Zyxel Device IPSec VPN client. A user may belong to a number of groups. If entries are configured for different groups, the Zyxel Device will allow VPN rule setting retrieval based on the first match found. Type Users of type admin or limited-admin are not allowed. This field shows how traffic is tunneled from the Zyxel Device to the Zyxel VPN client: Apply Reset • 6in4 (tunnel IPv6 traffic from the Zyxel Device to the Zyxel client in an IPv4 network); • 4in6 (tunnel IPv4 traffic from the Zyxel Device to the Zyxel VPN client in an IPv6 network); • 4in4 (tunnel IPv4 traffic from the Zyxel Device to the Zyxel VPN client in an IPv4 network). Click Apply to save your changes back to the Zyxel Device. Click Reset to return the screen to its last-saved settings. 30.6 IPSec VPN Background Information Here is some more detailed IPSec VPN background information. IKE SA Overview The IKE SA provides a secure connection between the Zyxel Device and remote IPSec router. It takes several steps to establish an IKE SA. The negotiation mode determines how many. There are two negotiation modes--main mode and aggressive mode. Main mode provides better security, while aggressive mode is faster. ZyWALL USG Series User's Guide 631