Firewall Zywall Usg 200 Manual


ZyWALL USG 100/200 Series Unified Security Gateway User's Guide, Version 2.10, 5/2008, Edition 1

DEFAULT LOGIN: LAN1 Port P4, IP Address 168. 1, User Name admin, Password 1234, www. Com

About This User's Guide

Intended Audience: This manual is intended for people who want to configure the ZyWALL using the web configurator.

How To Use This Guide

Read Chapter 1 on page 53 for an overview of features available on the ZyWALL. Read Chapter 3 on page 65 for web browser requirements and an introduction to the main components, icons and menus in the ZyWALL web configurator. Read Chapter 4 on page 75 if you're using the wizards for first-time setup and you want more detailed information than what the real-time online help provides.

In main mode, the ZyWALL and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.

The identities are also encrypted using the encryption algorithm and encryption key the ZyWALL and remote IPSec router selected in previous steps.

Figure 263 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication (continued)
Step 5: pre-shared key; ZyWALL identity, consisting of ID type and content
Step 6: pre-shared key; remote IPSec router identity, consisting of ID type and content

You have to create (and distribute) a pre-shared key. The ZyWALL and remote IPSec router use it in the authentication process, though it is not actually transmitted or exchanged. The ZyWALL and the remote IPSec router must use the same pre-shared key.


ZyWALL USG 100/200 Series User's Guide 375
Chapter 20 IPSec VPN

Router identity consists of ID type and content. The ID type can be domain name, IP address, or e-mail address, and the content is a (properly-formatted) domain name, IP address, or e-mail address.

Any domain name or e-mail address that you enter does not have to actually exist. Similarly, any domain name or IP address that you enter does not have to correspond to the ZyWALL's or remote IPSec router's properties. The ZyWALL and the remote IPSec router have their own identities, so both of them must store two sets of information, one for themselves and one for the other router. Local ID type and content refers to the ID type and content that applies to the router itself, and peer ID type and content refers to the ID type and content that applies to the other router. The ZyWALL's local and peer ID type and content must match the remote IPSec router's peer and local ID type and content, respectively. For example, in Table 123 on page 376, the ZyWALL and the remote IPSec router authenticate each other successfully.

In contrast, in Table 124 on page 376, the ZyWALL and the remote IPSec router cannot authenticate each other and, therefore, cannot establish an IKE SA.

Table 123 VPN Example: Matching ID Type and Content

ZYWALL
Local ID type: E-mail
Local ID content: tom@yourcompany.com
Peer ID type: IP
Peer ID content: 1. 2

REMOTE IPSEC ROUTER
Local ID type: IP
Local ID content: 1. 2
Peer ID type: E-mail
Peer ID content: tom@yourcompany.com

Table 124 VPN Example: Mismatching ID Type and Content

ZYWALL
Local ID type: E-mail
Local ID content: tom@yourcompany.com
Peer ID type: IP
Peer ID content: 1. 20

REMOTE IPSEC ROUTER
Local ID type: IP
Local ID content: 1. 2
Peer ID type: E-mail
Peer ID content: tom@yourcompany.com

It is also possible to configure the ZyWALL to ignore the identity of the remote IPSec router. This is less secure, so you should only use this if your ZyWALL provides another way to check the identity of the remote IPSec router (for example, extended authentication) or if you are troubleshooting a VPN tunnel.

Additional Topics for IKE SA

This section provides more information about IKE SA.

Negotiation Mode

There are two negotiation modes: main mode and aggressive mode.

Main mode provides better security, while aggressive mode is faster. Main mode takes six steps to establish an IKE SA.

Steps 1 - 2: The ZyWALL sends its proposals to the remote IPSec router. The remote IPSec router selects an acceptable proposal and sends it back to the ZyWALL.
Steps 3 - 4: The ZyWALL and the remote IPSec router exchange pre-shared keys for authentication and participate in a Diffie-Hellman key exchange, based on the accepted DH key group, to establish a shared secret.
Steps 5 - 6: Finally, the ZyWALL and the remote IPSec router generate an encryption key (from the shared secret), encrypt their identities, and exchange their encrypted identity information for authentication.

In contrast, aggressive mode only takes three steps to establish an IKE SA. Aggressive mode does not provide as much security because the identity of the ZyWALL and the identity of the remote IPSec router are not encrypted. It is usually used in remote-access situations, where the address of the initiator is not known by the responder and both parties want to use pre-shared keys for authentication.


For example, the remote IPSec router may be a telecommuter who does not have a static IP address.

VPN, NAT, and NAT Traversal

In the following example, there is another router (A) between router X and router Y.

Figure 264 VPN/NAT Example

If router A does NAT, it might change the IP addresses, port numbers, or both. If router X and router Y try to establish a VPN tunnel, the authentication fails because it depends on this information.
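The local/peer ID matching rule and the two weaker settings described earlier (ignoring the peer identity, aggressive mode) can be checked offline before a tunnel is brought up. The following is an added example, not code from the ZyXEL guide; the dictionary field names are hypothetical, and the addresses and key are constructed sample values.

```python
import ipaddress
import re

# Field names are hypothetical for this example, not ZyWALL configuration keys.
def valid_id(id_type, content):
    """Check that the ID content is properly formatted for its ID type."""
    if id_type == "ip":
        try:
            ipaddress.ip_address(content)
            return True
        except ValueError:
            return False
    if id_type == "email":
        return re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", content) is not None
    if id_type == "dns":
        return re.fullmatch(r"(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}",
                            content) is not None
    return False

def audit_ike_pair(a, b):
    """Return a list of findings for the phase 1 settings of gateways a and b."""
    findings = []
    for name, gw in (("a", a), ("b", b)):
        for side in ("local", "peer"):
            if not valid_id(*gw[side]):
                findings.append(f"{name}: malformed {side} ID {gw[side]}")
        if gw.get("ignore_peer_id") and not gw.get("xauth"):
            findings.append(f"{name}: peer identity ignored without extended authentication")
        if gw["mode"] == "aggressive":
            findings.append(f"{name}: aggressive mode sends identities unencrypted")
    # Each side's peer ID (type and content) must equal the other side's local ID.
    if not a.get("ignore_peer_id") and a["peer"] != b["local"]:
        findings.append("a.peer does not match b.local")
    if not b.get("ignore_peer_id") and b["peer"] != a["local"]:
        findings.append("b.peer does not match a.local")
    if a["mode"] != b["mode"]:
        findings.append("negotiation mode differs")
    if a["psk"] != b["psk"]:
        findings.append("pre-shared keys differ")
    return findings

# Constructed sample data shaped like the matching and mismatching tables above.
ZYWALL = {"local": ("email", "tom@yourcompany.com"), "peer": ("ip", "192.0.2.2"),
          "mode": "main", "psk": "constructed-psk"}
REMOTE = {"local": ("ip", "192.0.2.2"), "peer": ("email", "tom@yourcompany.com"),
          "mode": "main", "psk": "constructed-psk"}
ZYWALL_BAD = dict(ZYWALL, peer=("ip", "192.0.2.20"))  # peer ID content differs

if __name__ == "__main__":
    print(audit_ike_pair(ZYWALL, REMOTE))
    print(audit_ike_pair(ZYWALL_BAD, REMOTE))
```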