ZyXEL Communications ZyWALL 300 Network Router User Manual


 
Chapter 20 IPSec VPN
ZyWALL USG 300 User’s Guide
Authentication Key
Enter the authentication key, which depends on the authentication algorithm.
MD5 - type a unique key 16-20 characters long
SHA1 - type a unique key 20 characters long
You can use any alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-". If you
want to enter the key in hexadecimal, type "0x" at the beginning of the key. For
example, "0x0123456789ABCDEF" is in hexadecimal format;
"0123456789ABCDEF" is in ASCII format. If you use hexadecimal, you must enter
twice as many characters as listed above.
The remote IPSec router must have the same authentication key.
The ZyWALL ignores any characters above the minimum number of characters
required by the algorithm. For example, if you enter
12345678901234567890
for an MD5 authentication key, the ZyWALL only uses
1234567890123456.
The ZyWALL still stores the longer key.
Policy You can set up overlapping local policies or overlapping remote policies in the
ZyWALL.
Local Policy Select the address or address group corresponding to the local network. Select
Create Object to configure a new one.
Remote Policy Select the address or address group corresponding to the remote network. Select
Create Object to configure a new one.
Property
My Address Type the IP address of the ZyWALL in the IPSec SA. 0.0.0.0 is invalid.
Secure Gateway Address
Type the IP address of the remote IPSec router in the IPSec SA.
Enable NetBIOS broadcast over IPSec
Select this check box if you want the ZyWALL to send NetBIOS (Network Basic
Input/Output System) packets through the IPSec SA.
NetBIOS packets are TCP or UDP packets that enable a computer to connect to
and communicate with a LAN. It may sometimes be necessary to allow NetBIOS
packets to pass through IPSec SAs in order to allow local computers to find
computers on the remote network and vice versa.
Inbound/Outbound Traffic NAT
Click the Advanced button to show and hide this section.
Outbound Traffic
Source NAT This translation hides the source address of computers in the local network. It may
also be necessary if you want the ZyWALL to route packets from computers
outside the local network through the IPSec SA.
Source Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the
computer or network outside the local network. The size of the original source
address range (Source) must be equal to the size of the translated source
address range (SNAT).
Destination Select the address object that represents the original destination address (or
select Create Object to configure a new one). This is the address object for the
remote network.
SNAT Select the address object that represents the translated source address (or select
Create Object to configure a new one). This is the address object for the local
network. The size of the original source address range (Source) must be equal to
the size of the translated source address range (SNAT).
Inbound Traffic
Source NAT This translation hides the source address of computers in the remote network.
Table 92 VPN > IPSec VPN > VPN Connection > Manual Key > Edit (continued)
LABEL DESCRIPTION
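
The Authentication Key rules described above (length per algorithm, the "0x" prefix for hexadecimal, and characters beyond the minimum being ignored), as an added Python example that is not part of the ZyXEL manual. The function names are hypothetical, and applying the truncation to hexadecimal keys byte by byte is an assumption.

```python
import secrets
import string

# ASCII key lengths listed in the manual: (minimum, maximum) characters.
KEY_LENGTHS = {"MD5": (16, 20), "SHA1": (20, 20)}
# Character set the manual lists for ASCII keys.
ALLOWED = set(string.ascii_letters + string.digits + ",;|`~!@#$%^&*()_+\\{}':./<>=-\"")


def effective_key(entry: str, algorithm: str) -> bytes:
    """Return the key bytes that would actually be used for `entry`."""
    low, high = KEY_LENGTHS[algorithm]
    if entry.startswith("0x"):
        digits = entry[2:]
        # Hexadecimal entry needs twice as many characters as the ASCII lengths.
        if not (2 * low <= len(digits) <= 2 * high) or len(digits) % 2:
            raise ValueError(f"{algorithm} hex key needs {2 * low}-{2 * high} hex digits")
        if not all(c in string.hexdigits for c in digits):
            raise ValueError("non-hexadecimal character after 0x")
        raw = bytes.fromhex(digits)
    else:
        if not low <= len(entry) <= high:
            raise ValueError(f"{algorithm} key needs {low}-{high} characters")
        if not set(entry) <= ALLOWED:
            raise ValueError("key contains a character outside the listed set")
        raw = entry.encode("ascii")
    # Characters beyond the algorithm's minimum are ignored (assumed to apply
    # to hexadecimal entry as well, counted in bytes).
    return raw[:low]


def generate_hex_key(algorithm: str) -> str:
    """Generate a random key of exactly the used length, in 0x notation."""
    low, _ = KEY_LENGTHS[algorithm]
    return "0x" + secrets.token_bytes(low).hex().upper()


def keys_match(local_entry: str, remote_entry: str, algorithm: str) -> bool:
    """True when both IPSec routers would end up using the same key bytes."""
    return secrets.compare_digest(effective_key(local_entry, algorithm),
                                  effective_key(remote_entry, algorithm))
```

Because only the first 16 characters of an MD5 key are used, two entries that differ only after that point compare as equal here.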