beautypg.com

ZyXEL Communications ZyXEL ZyWALL 5 User Manual

Page 235

background image

ZyWALL 5 User’s Guide

234

Chapter 14 VPN Screens

Local ID Type

Select IP to identify this ZyWALL by its IP address.
Select DNS to identify this ZyWALL by a domain name.
Select E-mail to identify this ZyWALL by an e-mail address.
You do not configure the local ID type and content when you set Authentication

Key to Certificate. The ZyWALL takes them from the certificate you select.

Content

When you select IP in the Local ID Type field, type the IP address of your

computer in the local Content field. The ZyWALL automatically uses the IP

address in the My ZyWALL field (refer to the My ZyWALL field description) if you

configure the local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local

Content field or use the DNS or E-mail ID type in the following situations.

When there is a NAT router between the two IPSec routers.

When you want the remote IPSec router to be able to distinguish between

VPN connection requests that come in from IPSec routers with dynamic WAN

IP addresses.

When you select DNS or E-mail in the Local ID Type field, type a domain name

or e-mail address by which to identify this ZyWALL in the local Content field. Use

up to 31 ASCII characters including spaces, although trailing spaces are

truncated. The domain name or e-mail address is for identification purposes only

and can be any string.

Peer ID Type

Select from the following when you set Authentication Key to Pre-shared Key.

Select IP to identify the remote IPSec router by its IP address.

Select DNS to identify the remote IPSec router by a domain name.

Select E-mail to identify the remote IPSec router by an e-mail address.

Select from the following when you set Authentication Key to Certificate.

Select IP to identify the remote IPSec router by the IP address in the subject

alternative name field of the certificate it uses for this VPN connection.

Select DNS to identify the remote IPSec router by the domain name in the

subject alternative name field of the certificate it uses for this VPN connection.

Select E-mail to identify the remote IPSec router by the e-mail address in the

subject alternative name field of the certificate it uses for this VPN connection.

Select Subject Name to identify the remote IPSec router by the subject name

of the certificate it uses for this VPN connection.

Select Any to have the ZyWALL not check the remote IPSec router's ID.

Table 68 VPN Rules (IKE): Gateway Policy: Edit (continued)

LABEL

DESCRIPTION

See also other documents in the category ZyXEL Communications Hardware: