ZyXEL Communications P-661HNU - Diffie-Hellman (DH) Key Groups; Pre-Shared Key; Telecommuter VPN/IPSec Examples

ZyXEL Communications P-661HNU
404 pages
Chapter 16 VPN
P-661HNU-Fx User’s Guide
237
Table 65 Matching ID Type and Content Configuration Example

ZYXEL DEVICE A                           ZYXEL DEVICE B
Local ID type: E-mail                    Local ID type: IP
Local ID content: tom@yourcompany.com    Local ID content: 1.1.1.2
Peer ID type: IP                         Peer ID type: E-mail
Peer ID content: 1.1.1.2                 Peer ID content: tom@yourcompany.com

The two ZyXEL Devices in this example can complete negotiation and establish a
VPN tunnel.

Table 66 Mismatching ID Type and Content Configuration Example

ZYXEL DEVICE A                           ZYXEL DEVICE B
Local ID type: IP                        Local ID type: IP
Local ID content: 1.1.1.10               Local ID content: 1.1.1.10
Peer ID type: E-mail                     Peer ID type: IP
Peer ID content: aa@yahoo.com            Peer ID content: N/A

The two ZyXEL Devices in this example cannot complete their negotiation because
ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Peer ID type is set
to E-mail. An “ID mismatched” message displays in the IPSEC LOG.

16.6.9 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE
negotiation (see Section 16.6.5 on page 233 for more on IKE phases). It is called
“pre-shared” because you have to share it with another party before you can
communicate with them over a secure connection.

16.6.10 Diffie-Hellman (DH) Key Groups

Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties
to establish a shared secret over an unsecured communications channel.
Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit
(Group 1 - DH1) and 1024-bit (Group 2 - DH2) Diffie-Hellman groups are supported.
Upon completion of the Diffie-Hellman exchange, the two peers have a shared
secret, but the IKE SA is not authenticated. For authentication, use pre-shared
keys.

16.6.11 Telecommuter VPN/IPSec Examples

The following examples show how multiple telecommuters can make VPN
connections to a single ZyXEL Device at headquarters. The telecommuters use
IPSec routers with dynamic WAN IP addresses. The ZyXEL Device at headquarters
has a static public IP address.
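The following is an added example illustrating Sections 16.6.9 and 16.6.10 (written for this page; it is not ZyXEL firmware code): a DH Group 2 (1024-bit) exchange between two devices, followed by the RFC 2409 pre-shared-key derivation of SKEYID and SKEYID_d. It assumes SHA-1 as the negotiated hash (prf) and random nonces and cookies; only a peer holding the same pre-shared key derives the same keying material, which is how the PSK authenticates the otherwise unauthenticated DH result.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of Diffie-Hellman Group 2 (DH2), RFC 2409 section 6.2;
# the group generator is 2.
GROUP2_PRIME = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16)
GENERATOR = 2

def dh_keypair(p=GROUP2_PRIME, g=GENERATOR):
    """Random private exponent x and the public value g^x mod p."""
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p-2
    return x, pow(g, x, p)

def dh_shared_secret(private, peer_public, p=GROUP2_PRIME):
    """g^xy mod p as a big-endian byte string (the IKE g^xy); trivial
    public values (0, 1, p-1) are rejected before use."""
    if not 1 < peer_public < p - 1:
        raise ValueError("invalid peer DH public value")
    return pow(peer_public, private, p).to_bytes(p.bit_length() // 8, "big")

def skeyid_psk(psk, ni, nr):
    """RFC 2409 pre-shared key mode: SKEYID = prf(pre-shared-key, Ni_b | Nr_b).
    prf is HMAC of the negotiated hash; SHA-1 is assumed here."""
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()

def skeyid_d(skeyid, gxy, cky_i, cky_r):
    """SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0): keying material that
    depends on both the DH result and the pre-shared key."""
    return hmac.new(skeyid, gxy + cky_i + cky_r + b"\x00", hashlib.sha1).digest()

def phase1_keying(psk_a, psk_b):
    """DH2 exchange between device A (initiator) and device B (responder),
    then SKEYID_d derived on each side with that side's own PSK."""
    xa, ya = dh_keypair()
    xb, yb = dh_keypair()
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)       # nonces
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)   # cookies
    gxy_a = dh_shared_secret(xa, yb)          # A computes (g^xb)^xa
    gxy_b = dh_shared_secret(xb, ya)          # B computes (g^xa)^xb
    return {
        "dh_agrees": gxy_a == gxy_b,
        "skeyid_d_a": skeyid_d(skeyid_psk(psk_a, ni, nr), gxy_a, cky_i, cky_r),
        "skeyid_d_b": skeyid_d(skeyid_psk(psk_b, ni, nr), gxy_b, cky_i, cky_r),
    }
```

With matching pre-shared keys both sides derive identical SKEYID_d; with different keys the DH secret still agrees but the derived keying material does not, so phase 1 authentication fails.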