Detailed instructions for use are in the User's Guide.
[. . . ] Vantage CNM
Centralized Network Management
User's Guide
Version 2.1.00.61.00 October 2004
Copyright
Copyright © 2004 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Note: Refer also to the "Open Software Announcements" on page 398.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
[. . . ] You do not configure the local ID type and content when you set Authentication Method to Certificate. The ZyXEL device takes them from the certificate you select.
Enable Replay Detection Keep Alive
A-End/Z-End NAT Traversal (Only Available in ZyWALL)
A-End/Z-End Device My IP Peer IP
ID Type
Chapter 11 Configuration > VPN
Table 57 Configuration > VPN > Tunnel IPSec Detail (continued)
ID Content
When you select IP in the Local ID Type field, type the IP address of your computer. The ZyXEL device uses the IP address in the My IP Address field if you configure the local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local Content field or use the DNS or E-mail ID type in the following situations. When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses.
With DNS or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this ZyXEL device. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.
This is the IP address(es) of computer(s) on the A-end or Z-end of the VPN tunnel. The same (static) IP address is displayed twice in the Address Start and Address End fields when the Address Type field is configured to Single. The beginning and ending (static) IP addresses in a range of computers are displayed when the Address Type is configured to Range. A (static) IP address and a subnet mask are displayed when the Address Type field is configured to Subnet.
Enter the beginning IP address of the computers behind the ZyXEL device.
Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Type a port number from 0 to 65535 for the starting port in a range.
Type a port number greater than the start port number to specify the end port in a port range.
There are two phases to every IKE (Internet Key Exchange) negotiation: phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.
Aggressive mode is quicker than Main mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1). However, the trade-off is that faster speed limits its negotiating power and it also does not provide identity protection. It is useful in remote access situations where the address of the initiator is not known by the responder and both parties want to use pre-shared key authentication.
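The field rules above (ID Content fallback, the 31-character limit, port ranges, and the identity-protection trade-off of Aggressive mode) can be checked before settings are applied. The following is an added example, not ZyXEL or Vantage CNM code; the function names, the dictionary keys (including dynamic_wan) and the sample values are hypothetical.

```python
import ipaddress

MAX_ID_LEN = 31  # DNS / E-mail ID content: up to 31 ASCII characters


def effective_local_id(id_type, content, my_ip):
    """Return the local ID a device would present under the ID Content rules."""
    if id_type == "IP":
        if content.strip() in ("", "0.0.0.0"):
            return my_ip  # blank or 0.0.0.0 falls back to My IP Address
        return str(ipaddress.IPv4Address(content.strip()))
    if id_type in ("DNS", "E-mail"):
        value = content.rstrip(" ")  # trailing spaces are truncated
        # Assumption: the 31-character limit is applied after truncation.
        if not value.isascii() or len(value) > MAX_ID_LEN:
            raise ValueError("must be at most 31 ASCII characters")
        return value
    raise ValueError(f"unknown ID type {id_type!r}")


def lint_tunnel(cfg):
    """Return (local_id, findings) for one tunnel described by a plain dict."""
    findings = []
    try:
        local_id = effective_local_id(cfg["id_type"], cfg["id_content"], cfg["my_ip"])
    except ValueError as exc:
        local_id = None
        findings.append(f"ID Content: {exc}")
    unset = cfg["id_content"].strip() in ("", "0.0.0.0")
    if cfg["id_type"] == "IP" and unset and cfg.get("dynamic_wan"):
        findings.append("ID Content: peer cannot tell dynamic-IP routers apart; "
                        "set a non-0.0.0.0 IP or use the DNS or E-mail ID type")
    start, end = cfg["port_start"], cfg.get("port_end")
    if not 0 <= start <= 65535:
        findings.append("Port Start: must be between 0 and 65535")
    if end is not None and not start < end <= 65535:
        findings.append("Port End: must be greater than Port Start and at most 65535")
    if cfg["negotiation_mode"] == "Aggressive":
        findings.append("Negotiation Mode: Aggressive mode gives no identity protection")
    return local_id, findings


# Constructed sample settings; 192.0.2.10 is a documentation address.
SAMPLE = {"id_type": "IP", "id_content": "0.0.0.0", "my_ip": "192.0.2.10",
          "dynamic_wan": True, "port_start": 80, "port_end": 25,
          "negotiation_mode": "Aggressive"}

if __name__ == "__main__":
    print(lint_tunnel(SAMPLE))
```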
Address Type
Address Start Address End Port Start
Port End
Phase 1
Negotiation Mode
Pre-Shared key
A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called pre-shared because you have to share it with another party before you can communicate with them over a secure connection. ZyXEL gateways authenticate an IKE VPN session by matching pre-shared keys.
[. . . ] Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
3. Copyright
The Software and Documentation contain material that is protected by United States Copyright Law and trade secret law, and by international treaty provisions. You may not remove any proprietary notice of ZyXEL or any of its licensors from any copy of the Software or Documentation.
4. Restrictions
You may not publish, display, disclose, sell, rent, lease, modify, store, loan, distribute, or create derivative works of the Software, or any part thereof. You may not assign, sublicense, convey or otherwise transfer, pledge as security or otherwise encumber the rights and licenses granted hereunder with respect to the Software. You may not copy, reverse engineer, decompile, reverse compile, translate, adapt, or disassemble the Software, or any part thereof, nor shall you attempt to create the source code from the object code for the Software. [. . . ]