Support User Manuals

ZyXEL Communications vantage cnm Dust Collector User Manual

Open as PDF

of 438

Chapter 6 Device Security Settings

Vantage CNM User’s Guide

132

Local ID Type Select IP to identify this device by its IP address.

Select DNS to identify this device by a domain name.

Select E-mail to identify this device by an e-mail address.

You do not configure the local ID type and content when you set

Authentication Key to Certificate. The device takes them from the

certificate you select.

Content When you select IP in the Local ID Type field, type the IP address of your

computer in the local Content field. The device automatically uses the IP

address in the My ZyWALL field (refer to the My ZyWALL field description) if

you configure the local Content field to 0.0.0.0 or leave it blank.

It is recommended that you type an IP address other than 0.0.0.0 in the local

Content field or use the DNS or E-mail ID type in the following situations.

• When there is a NAT router between the two IPSec routers.

• When you want the remote IPSec router to be able to distinguish between

VPN connection requests that come in from IPSec routers with dynamic

WAN IP addresses.

When you select DNS or E-mail in the Local ID Type field, type a domain

name or e-mail address by which to identify this device in the local Content

field. Use up to 31 ASCII characters including spaces, although trailing

spaces are truncated. The domain name or e-mail address is for identification

purposes only and can be any string.

Peer ID Type Select from the following when you set Authentication Key to Pre-shared

Key.

•Select IP to identify the remote IPSec router by its IP address.

•Select DNS to identify the remote IPSec router by a domain name.

•Select E-mail to identify the remote IPSec router by an e-mail address.

Select from the following when you set Authentication Key to Certificate.

•Select IP to identify the remote IPSec router by the IP address in the

subject alternative name field of the certificate it uses for this VPN

connection.

•Select DNS to identify the remote IPSec router by the domain name in the

subject alternative name field of the certificate it uses for this VPN

connection.

•Select E-mail to identify the remote IPSec router by the e-mail address in

the subject alternative name field of the certificate it uses for this VPN

connection.

•Select Subject Name to identify the remote IPSec router by the subject

name of the certificate it uses for this VPN connection.

•Select Any to have the device not check the remote IPSec router's ID.

Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) >

Gateway Policy Add/Edit

LABEL DESCRIPTION

previous next