ZyXEL Communications 2WG User Manual

ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

99

Using Pre-Shared Key for Device Authentication

The IKE protocol also provides primary authentication - verifying the identity of the remote system

before negotiating the encryption algorithm and keys. Two kinds of authentication methods are supported

on ZyWALL: pre-shared key & certificate.

If pre-shared key is used, a shared, symmetric key must be manually exchanged and configured on the

two entities. Three types of identity are available: IP, DNS and E-mail.

Here are some rules to follow in Authentication Key:

3) Pre-shared key must be configured identically on both entities

4) The Local ID Type & Content of Local ZyWALL must be the same as that of Peer ID Type &

Content of peer VPN gateway.

5) When IP is selected as ID Type, the Content must be in the format of X.X.X.X (e.g. 210.242.82.70)

6) When DNS/E-mail are selected as ID Type, the same string must be configured on both entities.