Chapter 20 IPSec VPN
ZyWALL ATP Series User’s Guide
400
X-Auth This displays when using IKEv1. When different users use the same VPN tunnel to connect to
the Zyxel Device (telecommuters sharing a tunnel for example), use X-auth to enforce a
user name and password check. This way even though telecommuters all know the VPN
tunnel’s security settings, each still has to provide a unique user name and password.
Enable Extended
Authentication
Select this if one of the routers (the Zyxel Device or the remote IPSec router) verifies a user
name and password from the other router using the local user database and/or an external
server.
Server Mode Select this if the Zyxel Device authenticates the user name and password from the remote
IPSec router. You also have to select the authentication method, which specifies how the
Zyxel Device authenticates this information.
AAA Method Select the authentication method, which specifies how the Zyxel Device authenticates this
information.
Allowed User Extended authentication now supports an allowed user. Select what users should be
authenticated.
Client Mode Select this radio button if the Zyxel Device provides a username and password to the
remote IPSec router for authentication. You also have to provide the User Name and the
Password.
User Name This field is required if the Zyxel Device is in Client Mode for extended authentication. Type
the user name the Zyxel Device sends to the remote IPSec router. The user name can be 1-
31 ASCII characters. It is case-sensitive, but spaces are not allowed.
Password This field is required if the Zyxel Device is in Client Mode for extended authentication. Type
the password the Zyxel Device sends to the remote IPSec router. The password can be 1-31
ASCII characters. It is case-sensitive, but spaces are not allowed.
Retype to
Confirm
Type the exact same password again here to make sure an error was not made when
typing it originally.
Extended
Authentication
Protocol
This displays when using IKEv2. EAP uses a certificate for authentication.
Enable Extended
Authentication
Protocol
Select this if one of the routers (the Zyxel Device or the remote IPSec router) verifies a user
name and password from the other router using the local user database and/or an external
server or a certificate.
Allowed Auth
Method
This field displays the authentication method that is used to authenticate the users.
Server Mode Select this if the Zyxel Device authenticates the user name and password from the remote
IPSec router. You also have to select an AAA method, which specifies how the Zyxel Device
authenticates this information and who may be authenticated (Allowed User).
Client Mode Select this radio button if the Zyxel Device provides a username and password to the
remote IPSec router for authentication. You also have to provide the User Name and the
Password.
User Name This field is required if the Zyxel Device is in Client Mode for extended authentication. Type
the user name the Zyxel Device sends to the remote IPSec router. The user name can be 1-
31 ASCII characters. It is case-sensitive, but spaces are not allowed.
Password This field is required if the Zyxel Device is in Client Mode for extended authentication. Type
the password the Zyxel Device sends to the remote IPSec router. The password can be 1-31
ASCII characters. It is case-sensitive, but spaces are not allowed.
Retype to
Confirm
Type the exact same password again here to make sure an error was not made when
typing it originally.
OK Click OK to save your settings and exit this screen.
Cancel Click
Cancel to exit this screen without saving.
Table 158 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit (continued)
LABEL DESCRIPTION
To Next Page
Loading...
