Chapter 29 IPSec VPN
ZyWALL/USG Series User’s Guide
560
29.6 IPSec VPN Background Information
Here is some more detailed IPSec VPN background information.
IKE SA Overview
The IKE SA provides a secure connection between the ZyWALL/USG and remote IPSec router.
Add Click Add to bind a configured VPN rule to a user or group. Only that user or group may
then retrieve the specified VPN rule settings.
If you click Add without selecting an entry in advance then the new entry appears as the
first entry. Entry order is important as the ZyWALL/USG searches entries in the order listed
here to find a match. After a match is found, the ZyWALL/USG stops searching. If you want
to add an entry as number three for example, then first select entry 2 and click Add. To
reorder an entry, use Move.
Edit Select an existing entry and click Edit to change its settings.
Remove To remove an entry, select it and click Remove. The ZyWALL/USG confirms you want to
remove it before doing so.
Activate To turn on an entry, select it and click Activate. Make sure that Enable Configuration
Provisioning is also selected.
Inactivate To turn off an entry, select it and click Inactivate.
Move Use Move to reorder a selected entry. Select an entry, click Move, type the number where
the entry should be moved, press <ENTER>, then click Apply.
Status This icon shows if the entry is active (yellow) or not (gray). VPN rule settings can only be
retrieved when the entry is activated (and Enable Configuration Provisioning is also
selected).
Priority Priority shows the order of the entry in the list. Entry order is important as the ZyWALL/USG
searches entries in the order listed here to find a match. After a match is found the ZyWALL/
USG stops searching.
VPN Connection This field shows all configured VPN rules that match the rule criteria for the
ZyWALL/USG
IPSec
VPN client. Select a rule to bind to the associated user or group.
Allowed User Select which user or group of users is allowed to retrieve the associated VPN rule settings
using the ZyWALL/USG
IPSec VPN client. A user may belong to a number of groups. If
entries are configured for different groups, the ZyWALL/USG will allow VPN rule setting
retrieval based on the first match found.
Users of type admin or limited-admin are not allowed.
Type This field shows how traffic is tunnelled from the ZyWALL/USG to the Zyxel VPN client:
• 6in4 (tunnel IPv6 traffic from the ZyWALL/USG to the Zyxel client in an IPv4 network);
• 4in6 (tunnel IPv4 traffic from the ZyWALL/USG to the Zyxel VPN client in an IPv6
network);
• 4in4 (tunnel IPv4 traffic from the ZyWALL/USG to the Zyxel VPN client in an IPv4
network).
Apply Click Apply to save your changes back to the ZyWALL/USG.
Reset Click Reset to return the screen to its last-saved settings.
Table 214 Configuration > VPN > IPSec VPN > Configuration Provisioning (continued)
LABEL DESCRIPTION
To Next Page
Loading...
