ZyXEL Communications 2WG User Manual

ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

249

F11. What are Local ID and Peer ID?

Local ID and Peer ID are used in IKE phase 1 negotiation. It’s in FQDN(Fully Qualified Domain Name)

format, IKE standard takes it as one type of Phase 1 ID.

Phase 1 ID is identification for each VPN peer. The type of Phase 1 ID may be IP/FQDN (DNS)/User

FQDN (E-mail). The content of Phase 1 ID depends on the Phase 1 ID type. The following is an example

for how to configure phase 1 ID.

ID type Content

------------------------------------

IP 202.132.154.1

DNS www.zyxel.com

E-mail [email protected]

Please note that, in ZyWALL, if "DNS" or "E-mail" type is chosen, you can still use a random string as

the content, such as "this_is_zywall". It's not neccessary to follow the format exactly.

By default, ZyWALL takes IP as phase 1 ID type for itself and it's remote peer. But if its remote peer is

using DNS or E-mail, you have to adjust the settings to pass phase 1 ID checking.

When should I use FQDN?

If your VPN connection is ZyWALL to ZyWALL, and both of them have static IP address, and there is no

NAT router in between, you can ignore this option. Just leave Local/Peer ID type as IP, and then skip this

option.

If either side of VPN tunneling end point is using dynamic IP address, you may need to configure ID for

the one with dynamic IP address. And in this case, "Aggressive mode" is recommended to be applied in

phase 1 negotiation.

F12. Is my ZyWALL ready for IPSec VPN?

IPSec VPN is available for ZyWALL since ZyNOS V3.50. It is free upgrade, no registration is needed.

By upgrading the firmware and also configurations (romfile) to ZyNOS V3.50, the IPSec VPN capability

is ready in your ZyWALL. You then can configure VPN via web configurator. Please download the

firmware from our web site.

F13. How do I configure ZyWALL VPN?

You can configure ZyWALL for VPN via web GUI. ZyWALL 1 supports Web only.