Chapter 11 IPSec VPN
USG FLEX H Series User’s Guide
176
My Address Type the IP address of a computer on your network that can use the tunnel. You can also
specify a subnet. This must match the remote IP address configured on the remote IPSec
device.
Peer Gateway
Address
Select Domain Name/IP to enter the domain name or the IP address of the remote IPSec
router.
Select Dynamic Address if the remote IPSec router has a dynamic IP address (and does
not use DDNS).
Authentication
Pre-Shared Key Select Pre-Shared Key to use a password for authentication. Enter 8-128 alphanumeric
characters (0-9a-zA-Z) or 8-128 pairs of hexadecimal characters (0-9A-F) beginning with
0x.
Certificate Select Certificate to use one of the Zyxel Device certificates for authentication.
Advanced Settings
Local ID Type Enter one of the followings to identify the Zyxel Device during authentication.
IPv4 - the Zyxel Device is identified by an IP address
DNS - the Zyxel Device is identified by a domain name
E-mail - the Zyxel Device is identified by the string specified in this field
Remote ID Type Enter one of the followings to identify the remote IPSec router during authentication.
IPv4 - the remote IPSec router is identified by an IP address
DNS - the remote IPSec router is identified by a domain name
E-mail - the remote IPSec router is identified by the string specified in this field
If the Zyxel Device and remote IPSec router use certificates, there is one more choice.
Subject Name - the remote IPSec router is identified by the subject name in the certificate
Phase 1 Settings
SA Life Time Set how often the Zyxel Device renegotiates the IKE SA. A short SA life time increases
security, but renegotiation temporarily disconnects the VPN tunnel.
The value you set for the SA life time in Phase 1 Settings should be greater than or equal to
the value you set for the SA life time in Phase 2 Settings.
Add Click this to add an entry.
Edit Select an entry and click this to edit the entry.
Remove Select an entry and click this to remove the entry.
Encryption Select which key size and encryption algorithm to use in the IPSec SA. Choices are:
des-cbc - a 56-bit key with the DES encryption algorithm
3des-cbc - a 168-bit key with the DES encryption algorithm
aes128-cbc - a 128-bit key with the AES encryption algorithm
aes192-cbc - a 192-bit key with the AES encryption algorithm
aes256-cbc - a 256-bit key with the AES encryption algorithm
The Zyxel Device and the remote IPSec router must both have at least one proposal that
uses use the same encryption and the same key.
Longer keys are more secure, but require more processing power, resulting in increased
latency and decreased throughput.
Table 90 VPN > Site-to-Site VPN > Add/Edit (continued)> Scenario > Type > Custom
LABEL DESCRIPTION
To Next Page
Loading...
