9.6.1 ID Type and Content Examples, 9.7 Pre-Shared Key – ZyXEL Communications ZyXEL ZyWALL P1 User Manual


ZyWALL P1 User’s Guide


Chapter 9 VPN Screens

9.6.1 ID Type and Content Examples

Two IPSec routers must have matching ID type and content configuration in order to set up a
VPN tunnel.

The two ZyWALLs in the matching example (Table 41) can complete negotiation and establish a VPN tunnel.

The two ZyWALLs in the mismatching example (Table 42) cannot complete their negotiation because ZyWALL B’s
Local ID type is IP, but ZyWALL A’s Peer ID type is set to E-mail. An ID mismatched
message displays in the IPSEC LOG.
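The matching rule can be checked offline before the settings are entered on both routers. The following is an added example, not code from the ZyXEL manual: `Router` and `id_mismatches` are hypothetical names, the e-mail address is constructed because the page's address is redacted, and a Peer ID content of `N/A` is assumed to mean that the content is not compared.

```python
import ipaddress
from dataclasses import dataclass

UNSET = "N/A"  # Table 42 shows this for a Peer ID content that is not filled in

@dataclass(frozen=True)
class Router:
    name: str
    local_type: str
    local_content: str
    peer_type: str
    peer_content: str

def _norm(id_type, content):
    """Canonicalise one ID so that equal values compare equal."""
    t, c = id_type.strip().lower(), content.strip()
    if t == "ip" and c != UNSET:
        c = str(ipaddress.ip_address(c))  # ValueError on a malformed address
    return t, c

def _one_way(sender, receiver):
    """Check sender's Local ID against the Peer ID the receiver expects."""
    lt, lc = _norm(sender.local_type, sender.local_content)
    pt, pc = _norm(receiver.peer_type, receiver.peer_content)
    if lt != pt:
        return [f"{sender.name} Local ID type {sender.local_type} != "
                f"{receiver.name} Peer ID type {receiver.peer_type}"]
    if pc != UNSET and lc != pc:  # assumption: unset content is not compared
        return [f"{sender.name} Local ID content {lc} != "
                f"{receiver.name} Peer ID content {pc}"]
    return []

def id_mismatches(a, b):
    """Return every reason the two routers' ID settings disagree ([] = match)."""
    return _one_way(a, b) + _one_way(b, a)

MAIL = "tom@example.com"  # constructed; the page's address is redacted
TABLE_41 = (Router("ZyWALL A", "E-mail", MAIL, "IP", "1.1.1.2"),
            Router("ZyWALL B", "IP", "1.1.1.2", "E-mail", MAIL))
TABLE_42 = (Router("ZyWALL A", "IP", "1.1.1.10", "E-mail", MAIL),
            Router("ZyWALL B", "IP", "1.1.1.10", "IP", UNSET))

if __name__ == "__main__":
    for label, pair in (("Table 41", TABLE_41), ("Table 42", TABLE_42)):
        problems = id_mismatches(*pair)
        print(label, "match" if not problems else problems)
```
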

9.7 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 3.3.7 on page 62 for more on IKE phases). It is called pre-shared because you have to share it with another party before you can communicate with them over a secure connection.

Table 40 Peer ID Type and Content Fields

| PEER ID TYPE= | CONTENT= |
|---|---|
| Subject Name | Type the subject name (up to 255 characters) by which to identify the remote IPSec router. This option is available only when you set Authentication Method to Certificate. |

The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address. The domain name also does not have to match the remote router’s IP address or what you configure in the Secure Gateway Address field below.

Table 41 Matching ID Type and Content Configuration Example

| ZYWALL A | ZYWALL B |
|---|---|
| Local ID type: E-mail | Local ID type: IP |
| Local ID content: [email protected] | Local ID content: 1.1.1.2 |
| Peer ID type: IP | Peer ID type: E-mail |
| Peer ID content: 1.1.1.2 | Peer ID content: [email protected] |

Table 42 Mismatching ID Type and Content Configuration Example

| ZYWALL A | ZYWALL B |
|---|---|
| Local ID type: IP | Local ID type: IP |
| Local ID content: 1.1.1.10 | Local ID content: 1.1.1.10 |
| Peer ID type: E-mail | Peer ID type: IP |
| Peer ID content: [email protected] | Peer ID content: N/A |
