Chapter 20 IPSec VPN
ZyWALL ATP Series User’s Guide
380
shared key (shared secret), signatures, or public key encryption. Phase 1 operates in either
Main Mode
or
Aggressive Mode
.
Main Mode
protects the identity of the peers, but
Aggressive Mode
does not.
During Phase 2, the remote IPSec routers use the secure channel established in Phase 1 to negotiate
Security Associations for IPSec. The negotiation results in a minimum of two unidirectional security
associations (one inbound and one outbound). Phase 2 uses Quick Mode (only). Quick mode occurs
after IKE has established the secure tunnel in Phase 1. It negotiates a shared IPSec policy, derives shared
secret keys used for the IPSec security algorithms, and establishes IPSec SAs. Quick mode is also used to
renegotiate a new IPSec SA when the IPSec SA lifetime expires.
In the Zyxel Device, use the
VPN Connection
tab to set up Phase 2 and the
VPN Gateway
tab to set up
Phase 1.
Some differences between IKEv1 and IKEv2 include:
• IKEv2 uses less bandwidth than IKEv1. IKEv2 uses one exchange procedure with 4 messages. IKEv1 uses
two phases with Main Mode (9 messages) or Aggressive Mode (6 messages) in phase 1.
• IKEv2 supports Extended Authentication Protocol (EAP) authentication, and IKEv1 supports X-Auth.
EAP is important when connecting to existing enterprise authentication systems.
• IKEv2 always uses NAT traversal and Dead Peer Detection (DPD), but they can be disabled in IKEv1
using Zyxel Device firmware (the default is on).
• Configuration payload (includes the IP address pool in the VPN setup data) is supported in IKEv2 (off
by default), but not in IKEv1.
• Narrowed is supported in IKEv2, but not in IKEv1. Narrowed has the SA apply only to IP addresses in
common between the Zyxel Device and the remote IPSec router.
• The IKEv2 protocol supports connectivity checks which is used to detect whether the tunnel is still up
or not. If the check fails (the tunnel is down), IKEv2 can re-establish the connection automatically. The
Zyxel Device uses firmware to perform connectivity checks when using IKEv1.
SSL VPN
SSL VPN uses remote users’ web browsers to provide the easiest-to-use of the Zyxel Device’s VPN
solutions. A user just browses to the Zyxel Device’s web address and enters his user name and password
to securely connect to the Zyxel Device’s network. Remote users do not need to configure security
settings. Here a user uses his browser to securely connect to network resources in the same way as if he
were part of the internal network. See
Figure 267
SSL VPN
Web Mail
File Share
Web-based Application
https://
Application Server
Non-Web
LAN (192.168.1.X)
Содержание ATP200
Страница 23: ...23 PART I User s Guide ...
Страница 113: ...113 PART II Technical Reference ...
Страница 216: ...Chapter 9 Interfaces ZyWALL ATP Series User s Guide 216 Configuration Network Interface Ethernet Edit External Type ...
Страница 218: ...Chapter 9 Interfaces ZyWALL ATP Series User s Guide 218 Figure 170 Configuration Network Interface Ethernet Edit OPT ...
Страница 236: ...Chapter 9 Interfaces ZyWALL ATP Series User s Guide 236 Figure 179 Configuration Network Interface PPP Add ...
Страница 244: ...Chapter 9 Interfaces ZyWALL ATP Series User s Guide 244 Figure 181 Configuration Network Interface Cellular Add Edit ...
Страница 259: ...Chapter 9 Interfaces ZyWALL ATP Series User s Guide 259 Figure 191 Configuration Network Interface VLAN Add Edit ...
Страница 260: ...Chapter 9 Interfaces ZyWALL ATP Series User s Guide 260 ...
Страница 273: ...Chapter 9 Interfaces ZyWALL ATP Series User s Guide 273 Figure 193 Configuration Network Interface Bridge Add Edit ...
Страница 361: ...Chapter 15 UPnP ZyWALL ATP Series User s Guide 361 Figure 250 Network Connections My Network Places Properties Example ...
Страница 387: ...Chapter 20 IPSec VPN ZyWALL ATP Series User s Guide 387 Figure 271 Configuration VPN IPSec VPN VPN Connection Add Edit ...
Страница 395: ...Chapter 20 IPSec VPN ZyWALL ATP Series User s Guide 395 Figure 273 Configuration VPN IPSec VPN VPN Gateway Add Edit ...
Страница 478: ...Chapter 25 Security Policy ZyWALL ATP Series User s Guide 478 Figure 328 Configuration Security Policy Policy Control ...
Страница 712: ...Chapter 37 System ZyWALL ATP Series User s Guide 712 Figure 470 Configuration System WWW Login Page Desktop View ...