Operation Manual
Chapter 19 IPSec VPN
SBG3300-N Series User’s Guide
Pre-Shared Key
Select this to have the Device and remote IPSec router use a pre-shared key
(password) to identify each other when they negotiate the IKE SA. Type the pre-shared
key in the field to the right. The pre-shared key can be:
• 8 - 32 keyboard characters except (=) equals sign, (-) dash, (/) slash, (\)
backslash, or (",') quotation marks.
• 8 - 32 pairs of hexadecimal (0-9, A-F) characters, preceded by “0x”.
If you want to enter the key in hexadecimal, type “0x” at the beginning of the key. For
example, “0x0123456789ABCDEF” is in hexadecimal format; “0123456789ABCDEF”
is in ASCII format. If you use hexadecimal, you must enter twice as many characters
since you need to enter pairs.
The Device and remote IPSec router must use the same pre-shared key.
Note: All IPsec rules that use the remote access application scenario must use the
same pre-shared key.
Certificate
In order to use a certificate for IPsec authentication, you need to add new host
certificates in the Security > Certificates screen.
Select this to have the Device and remote IPSec router use certificates to authenticate
each other when they negotiate the IKE SA. Then select the certificate the Device uses
to identify itself to the remote IPsec router.
This certificate is one of the certificates in Certificates. If this certificate is self-signed,
import it into the remote IPsec router. If this certificate is signed by a CA, the remote
IPsec router must trust that CA.
Note: The IPSec routers must trust each other’s certificates.
The Device uses one of its Trusted Certificates to authenticate the remote IPSec
router’s certificate. The trusted certificate can be a self-signed certificate or that of a
trusted CA that signed the remote IPSec router’s certificate.
Local/Remote ID Type
Select which type of identification is used to identify the Device during authentication.
Any - The Device does not check the identity of itself/the remote IPSec router.
IP - The Device/remote IPSec router is identified by its IP address.
FQDN - The Device/remote IPSec router is identified by a domain name.
User-FQDN - The Device/remote IPSec router is identified by an e-mail address.
Note: The options FQDN and User-FQDN of Local ID Type and Remote ID Type are not
applicable if you select Main as the Negotiation Mode with Pre-Shared Key.
Local/Remote ID Content
When you select IP in the Local/Remote ID Type field, type the IP address of your
computer in the Local/Remote ID Content field.
When you select FQDN or User-FQDN in the Local/Remote ID Type field, type a
domain name or e-mail address by which to identify this Device in the Local/Remote
ID Content field.
Table 91 VPN > IPSec VPN > Setup > Edit (continued)
LABEL DESCRIPTION
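
The Pre-Shared Key format rules above can be checked before a key is typed into both IPSec routers. The following Python sketch is an added example, not code from the guide or the Device; the function names are hypothetical, and it assumes that "keyboard characters" means printable ASCII and that each hexadecimal pair is one byte of the key.

```python
import string

# Characters the guide excludes from a non-hexadecimal key: = - / \ " '
FORBIDDEN = set("=-/\\\"'")
# Assumption: "keyboard characters" means printable ASCII, space included.
ALLOWED_ASCII = set(string.ascii_letters + string.digits
                    + string.punctuation + " ") - FORBIDDEN
HEX_DIGITS = set("0123456789ABCDEF")  # only the digits the guide lists


def parse_psk(text):
    """Classify a Pre-Shared Key field value and return (format, key_bytes).

    Raises ValueError naming the rule the value breaks.
    """
    if text.startswith("0x"):
        digits = text[2:]
        bad = sorted(set(digits) - HEX_DIGITS)
        if bad:
            raise ValueError(f"not hexadecimal (0-9, A-F): {bad}")
        if len(digits) % 2:
            raise ValueError("hexadecimal digits must be entered in pairs")
        if not 8 <= len(digits) // 2 <= 32:
            raise ValueError("hexadecimal key needs 8 to 32 pairs after 0x")
        # Assumption: each pair of digits is one byte of the key.
        return "hex", bytes.fromhex(digits)
    bad = sorted(set(text) - ALLOWED_ASCII)
    if bad:
        raise ValueError(f"characters not allowed in the key: {bad}")
    if not 8 <= len(text) <= 32:
        raise ValueError("key needs 8 to 32 characters")
    return "ascii", text.encode("ascii")


def same_key(device_value, peer_value):
    """True when both field values denote the same key bytes (assumed model)."""
    return parse_psk(device_value)[1] == parse_psk(peer_value)[1]


if __name__ == "__main__":
    # The guide's own example: the same 16 characters with and without "0x".
    for value in ("0x0123456789ABCDEF", "0123456789ABCDEF"):
        fmt, key = parse_psk(value)
        print(f"{value!r}: {fmt}, {len(key)} key bytes")
    print("same key:", same_key("0x0123456789ABCDEF", "0123456789ABCDEF"))
```

Under these assumptions the guide's two example strings are different keys of different lengths, so a "0x" prefix entered on only one router leaves the two ends with keys that do not match.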