ZyWALL Series CLI Reference Guide
276
CHAPTER 33
IPSec VPN
This chapter explains how to set up and maintain IPSec VPNs in the Zyxel Device.
33.1 IPSec VPN Overview
A virtual private network (VPN) provides secure communications between sites without the expense of
leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access
control and auditing. It is used to transport traffic over the Internet or any insecure network that uses
TCP/IP for communication.
Internet Protocol Security (IPSec) is a standards-based VPN that offers flexible solutions for secure data
communications across a public network like the Internet. IPSec is built around a number of
standardized cryptographic techniques to provide confidentiality, data integrity and authentication at
the IP layer.
The following figure is one example of a VPN tunnel. Here local Zyxel Device X uses an IPSec VPN runnel
to remote (peer) Zyxel Device Y to connect the local (A) and remote (B) networks.
Figure 26 VPN: Example
A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a
contract indicating what security parameters the Zyxel Device and the remote IPSec router will use. The
first phase establishes an Internet Key Exchange (IKE) SA between the Zyxel Device and remote IPSec
router. The second phase uses the IKE SA to securely establish an IPSec SA through which the Zyxel
Device and remote IPSec router can send data between computers on the local network and remote
network. This is illustrated in the following figure.
To Next Page
Loading...
