Filter
Top Products
Chapter 4 Wizard Setup
ZyWALL USG 100/200 Series User’s Guide
105
4.8.7 VPN Advanced Wizard - Phase 2
Active Protocol: ESP is compatible with NAT, AH is not.
Encapsulation: Tunnel is compatible with NAT, Transport is not.
Proposal: 3DES and AES use encryption. The longer the AES key, the higher the security
(this may affect throughput). Null uses no encryption.
Local Policy (IP/Mask): Type the IP address of a computer on your network. You can also
specify a subnet. This must match the remote IP address configured on the peer IPSec device.
Incoming Interface: The peer IPSec device connects to the ZyWALL via this interface.
Remote Policy (IP/Mask): Type the IP address of a computer behind the peer IPSec device.
You can also specify a subnet. This must match the local IP address configured on the peer
IPSec device.
Nailed-Up: Select this to have the ZyWALL automatically renegotiate the IPSec SA when the
SA life time expires.
This read-only screen shows the status of the current VPN setting. Use the summary table to
check whether what you have configured is correct.
Figure 42 VPN Advanced Wizard: Step 5
The following table describes the labels in this screen.
Table 21 VPN Advanced Wizard: Step 5
LABEL DESCRIPTION
Summary
Name This is the name of the VPN connection (and VPN gateway).
Secure
Gateway
This is the WAN IP address or domain name of the remote IPSec router. If this field
displays 0.0.0.0, only the remote IPSec router can initiate the VPN connection.
Pre-Shared
Key
This is a pre-shared key identifying a communicating party during a phase 1 IKE
negotiation.
Local Policy This is a (static) IP address and Subnet Mask on the LAN behind your ZyWALL.