2 the vpn connection screen, Figure 251 vpn > ipsec vpn > vpn connection, Reens (see – ZyXEL Communications 200 Series User Manual
Page 353
Chapter 20 IPSec VPN
ZyWALL USG 100/200 Series User’s Guide
353
You should set up the following features before you set up the VPN tunnel.
• In any VPN connection, you have to select address objects to specify the local policy and
remote policy. You should set up the address objects first.
• In a VPN gateway, you can select an Ethernet interface, virtual Ethernet interface, cellular
interface, VLAN interface, or virtual VLAN interface to specify what address the
ZyWALL uses as its IP address when it establishes the IKE SA. You should set up the
interface first. See
• In a VPN gateway, you can enable extended authentication. If the ZyWALL is in server
mode, you should set up the authentication method (AAA server) first. The authentication
method specifies how the ZyWALL authenticates the remote IPSec router. See
• In a VPN gateway, the ZyWALL and remote IPSec router can use certificates to
authenticate each other. Make sure the ZyWALL and the remote IPSec router will trust
each other’s certificates. See
.
20.2 The VPN Connection Screen
The VPN Connection screen lists the VPN connection policies and their associated VPN
gateway(s), and various settings. In addition, it also lets you activate / deactivate and connect /
disconnect each VPN connection (each IPSec SA).
To access this screen, click VPN > IPSec VPN. The following screen appears.
"
Except for dynamic IPSec VPN rules, each VPN connection requires a
corresponding policy route.
Dynamic IPSec VPN rules only require a corresponding policy route if you select Use Policy
Route to control dynamic IPSec rules.
The VPN wizard automatically creates a corresponding policy route. If you create the VPN
connection in the VPN > IPSec VPN screens, you need to manually create a corresponding
policy route.
Figure 251 VPN > IPSec VPN > VPN Connection