Table of Contents
ZyWALL 2 Plus User’s Guide
14
14.6 IPSec SA Overview .....................................................................................................251
14.6.1 Local Network and Remote Network ...................................................................... 251
14.6.2 Virtual Address Mapping ........................................................................................ 252
14.6.3 Active Protocol ....................................................................................................... 253
14.6.4 Encapsulation ......................................................................................................... 253
14.6.5 IPSec SA Proposal and Perfect Forward Secrecy ................................................. 254
14.7 VPN Rules (IKE): Network Policy Edit ............................................................................ 255
14.8 VPN Rules (IKE): Network Policy Edit: Port Forwarding .............................................. 259
14.9 VPN Rules (IKE): Network Policy Move ........................................................................ 261
14.10 IPSec SA Using Manual Keys ................................................................................... 262
14.10.1 IPSec SA Proposal Using Manual Keys ............................................................... 262
14.10.2 Authentication and the Security Parameter Index (SPI) ....................................... 262
14.11 VPN Rules (Manual) ...................................................................................................... 262
14.12 VPN Rules (Manual): Edit ........................................................................................... 264
14.13 VPN SA Monitor .......................................................................................................... 266
14.14 VPN Global Setting ....................................................................................................... 267
14.15 Telecommuter VPN/IPSec Examples ............................................................................ 269
14.15.1 Telecommuters Sharing One VPN Rule Example ................................................ 269
14.15.2 Telecommuters Using Unique VPN Rules Example ............................................. 269
14.16 VPN and Remote Management ..................................................................................... 271
14.17 Hub-and-spoke VPN ...................................................................................................... 271
14.17.1 Hub-and-spoke VPN Example ............................................................................. 272
14.17.2 Hub-and-spoke Example VPN Rule Addresses ................................................... 273
14.17.3 Hub-and-spoke VPN Requirements and Suggestions ......................................... 273
Chapter 15
Certificates ............................................................................................................................ 275
15.1 Certificates Overview ....................................................................................................... 275
15.1.1 Advantages of Certificates ..................................................................................... 276
15.2 Self-signed Certificates .................................................................................................... 276
15.3 Verifying a Certificate ....................................................................................................... 276
15.3.1 Checking the Fingerprint of a Certificate on Your Computer .................................. 276
15.4 Configuration Summary ................................................................................................... 277
15.5 My Certificates ................................................................................................................ 278
15.6 My Certificate Details ..................................................................................................... 279
15.7 My Certificate Export ...................................................................................................... 282
15.7.1 Certificate File Export Formats ............................................................................... 282
15.8 My Certificate Import ..................................................................................................... 283
15.8.1 Certificate File Formats .......................................................................................... 284
15.9 My Certificate Create ..................................................................................................... 285
15.10 Trusted CAs ................................................................................................................. 288
15.11 Trusted CA Details ........................................................................................................ 289
15.12 Trusted CA Import ....................................................................................................... 292