This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

IPsec ZyXEL USG40: Difference between revisions

AshleyJ (talk | contribs)
No edit summary
AshleyJ (talk | contribs)
Line 30: Line 30:


* The "Authentication" section needs to be set to "Pre-shared Key" - This is the pass phrase that you have set on the FireBrick.
* The "Authentication" section needs to be set to "Pre-shared Key" - This is the pass phrase that you have set on the FireBrick.
<gallery>

Zywall4.png|
</gallery>
* "Local ID type" needs to be set to "DNS". In the "Content" box, you should enter the domain name for your FireBrick. e.g. "internal2.**.co.uk".
* "Local ID type" needs to be set to "DNS". In the "Content" box, you should enter the domain name for your FireBrick. e.g. "internal2.**.co.uk".
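Review bot: The added Zywall4.png gallery sits directly after the "Pre-shared Key" step, so the screenshot should be checked to confirm that the key field and the FireBrick hostname are blanked out, matching the masked "internal2.**.co.uk" in the following bullet. The entry also ends in a bare pipe (`Zywall4.png|`) with no caption and has a blank line inside the gallery; either add a short caption naming the screen or drop the pipe.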


Line 43: Line 45:


Now, click "OK" and activate the config by clicking on the entry that you have just created and pressing the "Activate" button.
Now, click "OK" and activate the config by clicking on the entry that you have just created and pressing the "Activate" button.
<gallery>

Zywall5.png|
</gallery>
<br>
<br>


Next, we're going to select the "VPN Connection" Tab and click "Add".
Next, we're going to select the "VPN Connection" Tab and click "Add".

<gallery>
Zywall6.png|
</gallery>


* Click show "Advanced settings"
* Click show "Advanced settings"
* Select "Nailed-Up" and "Enable Replay Detection".
* Select "Nailed-Up" and "Enable Replay Detection".
<gallery>

Zywall6.png|
</gallery>
* Under "VPN Gateway" select "Remote Access (Client Role) and select the VPN Gateway you just created in the drop down box.
* Under "VPN Gateway" select "Remote Access (Client Role) and select the VPN Gateway you just created in the drop down box.
* in "Local Policy" select "DMZ_SUBNET" and in "Remote Policy" select "LAN1_SUBNET".
* in "Local Policy" select "DMZ_SUBNET" and in "Remote Policy" select "LAN1_SUBNET".


<gallery>

Zywall8.png|
</gallery>


* Under "Phase 2 Setting", change the "SA Life Time" to "3000000".
* Under "Phase 2 Setting", change the "SA Life Time" to "3000000".
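Review bot: Zywall6.png is referenced twice in this hunk, once after the "VPN Connection" tab step and again after the "Nailed-Up" and "Enable Replay Detection" bullets, while the image numbering across the change runs 4, 5, 6, 6, 8 with no Zywall7.png. The second gallery looks like it should point at Zywall7.png; as written, the advanced-settings step shows the same image as the "Add" step. The first of the two Zywall6.png galleries is also formatted differently from the others (no blank line after the opening tag), so it is worth making the gallery blocks consistent while fixing the filename.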
Line 60: Line 72:
* In the "Proposal" section, change "Encryption" to "3DES" and the "Authentication" to "SHA1".
* In the "Proposal" section, change "Encryption" to "3DES" and the "Authentication" to "SHA1".
* We then need to change the "Perfect Forward Secrecy (PFS)" to "DH2".
* We then need to change the "Perfect Forward Secrecy (PFS)" to "DH2".
<gallery>
Zywall9.png|
</gallery>
* Now all we need to do is click "OK" and "Activate".
* Now all we need to do is click "OK" and "Activate".
<gallery>

Zywall10.png|
</gallery>
<br>
<br>
Once all of this has been done, press "Connect" and you should see that you now have an active IPsec connection from your ZyWALL USG40 to your FireBrick.
Once all of this has been done, press "Connect" and you should see that you now have an active IPsec connection from your ZyWALL USG40 to your FireBrick.


<gallery>

Zywall11.png|
</gallery>
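Review bot: The Zywall9.png gallery is attached to the "Proposal" bullets, which specify 3DES, SHA1 and DH2 for Phase 2. These are legacy choices (DH2 is the 1024-bit MODP group), so if the FireBrick end accepts a stronger proposal, the text and this screenshot should be updated together rather than fixing the values in an image. As in the earlier galleries, the entries here use an empty caption (`Zywall9.png|`, `Zywall10.png|`, `Zywall11.png|`); a one-line caption per image would tell the reader which screen each one shows.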