7 vpn advanced wizard - phase 2, Figure 42 vpn advanced wizard: step 5, Table 21 vpn advanced wizard: step 5 – ZyXEL Communications 200 Series User Manual

Chapter 4 Wizard Setup

ZyWALL USG 100/200 Series User’s Guide

105

4.8.7 VPN Advanced Wizard - Phase 2

Active Protocol: ESP is compatible with NAT, AH is not.

Encapsulation: Tunnel is compatible with NAT, Transport is not.

Proposal: 3DES and AES use encryption. The longer the AES key, the higher the security
(this may affect throughput). Null uses no encryption.

Local Policy (IP/Mask): Type the IP address of a computer on your network. You can also
specify a subnet. This must match the remote IP address configured on the peer IPSec device.

Incoming Interface: The peer IPSec device connects to the ZyWALL via this interface.

Remote Policy (IP/Mask): Type the IP address of a computer behind the peer IPSec device.
You can also specify a subnet. This must match the local IP address configured on the peer
IPSec device.

Nailed-Up: Select this to have the ZyWALL automatically renegotiate the IPSec SA when the
SA life time expires.

This read-only screen shows the status of the current VPN setting. Use the summary table to
check whether what you have configured is correct.

Figure 42 VPN Advanced Wizard: Step 5

The following table describes the labels in this screen.

Table 21 VPN Advanced Wizard: Step 5

LABEL

DESCRIPTION

Summary

Name

This is the name of the VPN connection (and VPN gateway).

Secure
Gateway

This is the WAN IP address or domain name of the remote IPSec router. If this field
displays 0.0.0.0, only the remote IPSec router can initiate the VPN connection.

Pre-Shared
Key

This is a pre-shared key identifying a communicating party during a phase 1 IKE
negotiation.

Local Policy This is a (static) IP address and Subnet Mask on the LAN behind your ZyWALL.