ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

ZyWALL 2 Series User’s Guide

VPN Screens

Table 14-7 Basic IKE VPN Rule Edit

LABEL

DESCRIPTION

Server Mode

Select Server Mode to have this ZyWALL authenticate extended authentication clients
that request this VPN connection.

You must also configure the extended authentication clients’ usernames and passwords in
the auth server’s local user database or a RADIUS server (see the Authentication Server
section).

Click Local User to go to the Local User Database screen where you can view and/or
edit the list of users and passwords. Click RADIUS to go to the RADIUS screen where you
can configure the ZyWALL to check an external RADIUS server.

During authentication, if the ZyWALL (in server mode) does not find the extended
authentication clients’ user name in its internal user database and an external RADIUS
server has been enabled, it attempts to authenticate the client through the RADIUS server.

Client Mode

Select Client Mode to have your ZyWALL use a username and password when initiating
this VPN connection to the extended authentication server ZyWALL. Only a VPN extended
authentication client can initiate this VPN connection.

User Name

Enter a user name for your ZyWALL to be authenticated by the VPN peer (in server
mode). The user name can be up to 31 case-sensitive ASCII characters, but spaces are
not allowed. You must enter a user name and password when you select client mode.

Password

Enter the corresponding password for the above user name. The password can be up to
31 case-sensitive ASCII characters, but spaces are not allowed.

Local:

Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP
addresses.

Two active SAs can have the same configured local or remote IP address, but not both. You can configure
multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.

In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges
of the local IP addresses cannot overlap between rules.

If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN’s full IP address
range as the local IP address, then you cannot configure any other active rules with the Secure Gateway
Address field set to 0.0.0.0.

Client to Site

Select this radio button to build a client to site VPN connection.
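
A configuration-audit sketch for the Local address constraints in the table above, added here as an example and not ZyXEL code: it flags pairs of active rules that share both local and remote addresses, or that both use a Secure Gateway Address of 0.0.0.0 with overlapping local ranges. The `VpnRule` model, the reading of "same address" as identical ranges, and all sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from itertools import combinations

ANY_GATEWAY = IPv4Address("0.0.0.0")  # Secure Gateway Address value from the table

@dataclass(frozen=True)
class VpnRule:
    """Hypothetical model of one VPN rule; not a ZyWALL export format."""
    name: str
    active: bool
    local: tuple   # (start, end) of the local IP address range
    remote: tuple  # (start, end) of the remote IP address range
    secure_gateway: str

def _span(rng):
    return int(IPv4Address(rng[0])), int(IPv4Address(rng[1]))

def _overlap(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def find_conflicts(rules):
    """Return (rule_a, rule_b, reason) for each pair of active rules in conflict."""
    conflicts = []
    for a, b in combinations([r for r in rules if r.active], 2):
        la, lb, ra, rb = _span(a.local), _span(b.local), _span(a.remote), _span(b.remote)
        # Same local OR same remote is allowed between active SAs, but not both.
        if la == lb and ra == rb:
            conflicts.append((a.name, b.name, "same local and remote addresses"))
        # Active rules that both use 0.0.0.0 need disjoint local ranges.
        both_any = all(IPv4Address(r.secure_gateway) == ANY_GATEWAY for r in (a, b))
        if both_any and _overlap(la, lb):
            conflicts.append((a.name, b.name, "overlapping local ranges with 0.0.0.0 gateway"))
    return conflicts

# Constructed sample rules (documentation/private address ranges), not from the manual.
LAN = ("192.168.1.0", "192.168.1.255")
BRANCH = ("10.0.0.0", "10.0.0.255")
SAMPLE_RULES = [
    VpnRule("hq-branch", True, LAN, BRANCH, "203.0.113.10"),
    VpnRule("hq-branch-backup", False, LAN, BRANCH, "203.0.113.11"),  # inactive: allowed
    VpnRule("hq-branch-dup", True, LAN, BRANCH, "203.0.113.12"),
    VpnRule("road-warriors", True, LAN, ("10.9.0.0", "10.9.0.255"), "0.0.0.0"),
    VpnRule("contractors", True, ("192.168.1.33", "192.168.1.64"), ("10.8.0.0", "10.8.0.255"), "0.0.0.0"),
]

if __name__ == "__main__":
    for a, b, reason in find_conflicts(SAMPLE_RULES):
        print(f"{a} <-> {b}: {reason}")
```

The `road-warriors` rule covers the LAN's full range with a 0.0.0.0 gateway, so any further active 0.0.0.0 rule, such as `contractors`, is reported.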
