This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

IPsec ZyXEL USG40: Difference between revisions

* The "Authentication" section needs to be set to "Pre-shared Key". The key is the pass phrase that you have set on the FireBrick.
<gallery>
 
Zywall4.png|
</gallery>
* "Local ID type" needs to be set to "DNS". In the "Content" box, enter the domain name for your FireBrick, e.g. "internal2.**.co.uk".
 
 
Now, click "OK" and activate the config by clicking on the entry that you have just created and pressing the "Activate" button.
<gallery>
 
Zywall5.png|
</gallery>
<br>
 
Next, select the "VPN Connection" tab and click "Add".
 
<gallery>
Zywall6.png|
</gallery>
 
* Click "Show Advanced Settings".
* Select "Nailed-Up" and "Enable Replay Detection".
<gallery>
 
Zywall6.png|
</gallery>
* Under "VPN Gateway" select "Remote Access (Client Role)" and select the VPN Gateway you just created in the drop-down box.
* In "Local Policy" select "DMZ_SUBNET" and in "Remote Policy" select "LAN1_SUBNET".
 
<gallery>
 
Zywall8.png|
</gallery>
 
* Under "Phase 2 Setting", change the "SA Life Time" to "3000000".
* In the "Proposal" section, change "Encryption" to "3DES" and the "Authentication" to "SHA1".
* We then need to change the "Perfect Forward Secrecy (PFS)" to "DH2".
<gallery>
Zywall9.png|
</gallery>
* Now all we need to do is click "OK" and "Activate".
<gallery>
 
Zywall10.png|
</gallery>
<br>
Once all of this has been done, press "Connect" and you should see that you now have an active IPsec connection from your ZyWALL USG40 to your FireBrick.
 
<gallery>
 
Zywall11.png|
</gallery>
 
 