Manualshelf

User's Manual

ManualsBrandsZyXEL ManualsNetworkingISG50
361362363364365366367368369370
Chapter 24 IPSec VPN
ISG50 User’s Guide
370
24.1.3 Before You Begin
This section briefly explains the relationship between VPN tunnels and other features. It also gives
some basic suggestions for troubleshooting.
You should set up the following features before you set up the VPN tunnel.
In any VPN connection, you have to select address objects to specify the local policy and remote
policy. You should set up the address objects first.
In a VPN gateway, you can select an Ethernet interface, virtual Ethernet interface, VLAN
interface, or virtual VLAN interface to specify what address the ISG50 uses as its IP address
when it establishes the IKE SA. You should set up the interface first. See Chapter 12 on page
233.
In a VPN gateway, you can enable extended authentication. If the ISG50 is in server mode, you
should set up the authentication method (AAA server) first. The authentication method specifies
how the ISG50 authenticates the remote IPSec router. See Chapter 48 on page 631.
In a VPN gateway, the ISG50 and remote IPSec router can use certificates to authenticate each
other. Make sure the ISG50 and the remote IPSec router will trust each other’s certificates. See
Chapter 50 on page 643.
24.2 The VPN Connection Screen
Click Configuration > VPN > IPSec VPN to open the VPN Connection screen. The VPN
Connection screen lists the VPN connection policies and their associated VPN gateway(s), and
various settings. In addition, it also lets you activate / deactivate and connect / disconnect each
VPN connection (each IPSec SA). Click a column’s heading cell to sort the table entries by that
column’s criteria. Click the heading cell again to reverse the sort order.
Figure 248 Configuration > VPN > IPSec VPN > VPN Connection