ZyXEL Communications VSG1435-B101 Switch User Manual


 
Chapter 21 IPSec
VSG1435-B101 Series User’s Guide
21.4.7.1 ID Type and Content Examples
Two IPSec routers must have matching ID type and content configuration in order
to set up a VPN tunnel.
The two ZyXEL Devices in Table 92 can complete negotiation and establish a
VPN tunnel, because each device's Local ID type and content match the other
device's Remote ID type and content.
The two ZyXEL Devices in Table 93 cannot complete their negotiation because
ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Remote ID type is
set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
21.4.8 Pre-Shared Key
A pre-shared key identifies a communicating party during a phase 1 IKE
negotiation (see Section 21.4.3 on page 263 for more on IKE phases). It is called
“pre-shared” because you have to share it with another party before you can
communicate with them over a secure connection.
Table 91 Local ID Type and Content Fields
LOCAL ID TYPE=    CONTENT=
E-mail            Type an e-mail address (up to 31 characters) by which to
                  identify this ZyXEL Device.
The domain name or e-mail address that you use in the Local ID
Content field is used for identification purposes only and does not need
to be a real domain name or e-mail address.
Table 92 Matching ID Type and Content Configuration Example
ZYXEL DEVICE A                            ZYXEL DEVICE B
Local ID type: E-mail                     Local ID type: IP
Local ID content: tom@yourcompany.com     Local ID content: 1.1.1.2
Remote ID type: IP                        Remote ID type: E-mail
Remote ID content: 1.1.1.2                Remote ID content: tom@yourcompany.com
Table 93 Mismatching ID Type and Content Configuration Example
ZYXEL DEVICE A                            ZYXEL DEVICE B
Local ID type: IP                         Local ID type: IP
Local ID content: 1.1.1.10                Local ID content: 1.1.1.2
Remote ID type: E-mail                    Remote ID type: IP
Remote ID content: aa@yahoo.com           Remote ID content: 1.1.1.0
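
An added example, not taken from the ZyXEL manual: a Python check that two peers' ID settings agree in both directions, run on the values in Tables 92 and 93, listing every mismatched field before the tunnel is attempted. The IkeId and Peer classes, the function names, and the exact-string comparison of e-mail content are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass

MAX_EMAIL_LEN = 31  # e-mail ID content limit stated in Table 91


@dataclass(frozen=True)
class IkeId:
    id_type: str   # "IP" or "E-mail", the two ID types used on this page
    content: str


@dataclass(frozen=True)
class Peer:
    name: str
    local: IkeId
    remote: IkeId


def normalize(ike_id):
    """Return a comparable (type, content) pair, or raise ValueError."""
    if ike_id.id_type == "IP":
        return ("IP", str(ipaddress.ip_address(ike_id.content)))
    if ike_id.id_type == "E-mail" and len(ike_id.content) > MAX_EMAIL_LEN:
        raise ValueError(f"e-mail ID longer than {MAX_EMAIL_LEN} characters")
    return (ike_id.id_type, ike_id.content)  # assumption: exact string match


def id_mismatches(a, b):
    """List every way a's and b's ID settings disagree (empty list = match)."""
    problems = []
    for sender, receiver in ((a, b), (b, a)):
        try:
            sent, expected = normalize(sender.local), normalize(receiver.remote)
        except ValueError as exc:
            problems.append(f"{sender.name} -> {receiver.name}: invalid ID ({exc})")
            continue
        for field, s, e in zip(("type", "content"), sent, expected):
            if s != e:
                problems.append(f"{sender.name} local ID {field} {s!r} != "
                                f"{receiver.name} remote ID {field} {e!r}")
    return problems


# Values copied from Table 92 (matching) and Table 93 (mismatching).
T92_A = Peer("A", IkeId("E-mail", "tom@yourcompany.com"), IkeId("IP", "1.1.1.2"))
T92_B = Peer("B", IkeId("IP", "1.1.1.2"), IkeId("E-mail", "tom@yourcompany.com"))
T93_A = Peer("A", IkeId("IP", "1.1.1.10"), IkeId("E-mail", "aa@yahoo.com"))
T93_B = Peer("B", IkeId("IP", "1.1.1.2"), IkeId("IP", "1.1.1.0"))

if __name__ == "__main__":
    for label, a, b in (("Table 92", T92_A, T92_B), ("Table 93", T93_A, T93_B)):
        print(label, id_mismatches(a, b) or "IDs match")
```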