54.4. Connection

54.4.1. IKE / Phase 1

  1. Open the "VPN Gateway" tab under "Configuration > VPN > IPSec VPN". Create a new IKE connection to a peer with "Add".

  2. Click "Show Advanced Settings" to see all of the necessary fields.

  3. Enter the IP or DNS name of the Intra2net system as the peer gateway address. Even if the Intra2net system uses a dynamic IP with DynDNS, you must select "Static Address".

  4. Set the authentication to certificate and select the previously created certificate for the ZyWALL.

  5. Select AES128 and SHA1 as the proposal. The matching "Key Group" is DH2.

  6. If the ZyWALL or the Intra2net system is located behind a NAT router, you need to enable "NAT Traversal".

54.4.2. IPSec / Phase 2

  1. Go to the "VPN Connection" tab under "Configuration > VPN > IPSec VPN". Create a new IPSec connection with "Add".

  2. Create a network object for the network of the peer. Use the "Create new Object > Address" menu. Use SUBNET as type and enter the network address and netmask.

  3. Click "Show Advanced Settings" to see all of the necessary fields.

  4. Set the connection to "Nailed Up" so that the ZyWALL keeps the connection open automatically.

  5. Select Site-to-site and select the newly created IKE connection to the Intra2net system as gateway.

  6. Select the network to be connected behind the ZyWALL as "Local policy". As "Remote Policy", select the network object you just created with the network of the Intra2net system.

  7. Activate "Policy Enforcement" to ensure that the connection is secure against network manipulation.

  8. As "Proposal", select AES128 and SHA1, and set "Perfect Forward Secrecy (PFS)" to DH2.

The connection is now configured and should be established in the background.
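
If the tunnel does not come up, the usual cause is a mismatch between the two ends. The following pre-flight check is an added example, not part of the original manual or of either product: it compares the Phase 1 and Phase 2 proposals chosen above on both ends and verifies that the local and remote networks mirror each other. The dictionary keys and the sample subnets are constructed for illustration.

```python
import ipaddress

# Proposal the steps above select for both IKE (Phase 1) and IPSec (Phase 2).
PAGE_PROPOSAL = {"encryption": "AES128", "authentication": "SHA1", "dh_group": "DH2"}


def net(value):
    """Parse 'address/netmask' or 'address/prefix'; host bits are masked off."""
    return ipaddress.ip_network(value, strict=False)


def check_tunnel(zywall, peer):
    """Return a list of mismatches between both ends; empty means consistent."""
    problems = []
    for name, side in (("zywall", zywall), ("peer", peer)):
        for phase in ("phase1", "phase2"):
            for key, want in PAGE_PROPOSAL.items():
                got = str(side[phase].get(key, "")).upper()
                if got != want:
                    problems.append(f"{name} {phase} {key}: {got or 'unset'} != {want}")
    # The local network of one end must be the remote network of the other.
    for a, b in (("local", "remote"), ("remote", "local")):
        if net(zywall[a]) != net(peer[b]):
            problems.append(f"zywall {a} {net(zywall[a])} != peer {b} {net(peer[b])}")
    # Overlapping local and remote networks cannot be routed through the tunnel.
    if net(zywall["local"]).overlaps(net(zywall["remote"])):
        problems.append("local and remote networks overlap")
    return problems


# Constructed sample values (hypothetical key names and RFC 1918 subnets).
GOOD = dict(PAGE_PROPOSAL)
ZYWALL = {"phase1": GOOD, "phase2": GOOD,
          "local": "192.168.10.0/255.255.255.0", "remote": "192.168.20.0/255.255.255.0"}
PEER_OK = {"phase1": GOOD, "phase2": GOOD,
           "local": "192.168.20.1/24", "remote": "192.168.10.0/24"}
# Peer with a PFS group mismatch in Phase 2 and a wrong remote prefix length.
PEER_BAD = {"phase1": GOOD, "phase2": {**GOOD, "dh_group": "DH5"},
            "local": "192.168.20.0/24", "remote": "192.168.10.0/25"}

if __name__ == "__main__":
    for label, peer in (("ok", PEER_OK), ("bad", PEER_BAD)):
        print(label, check_tunnel(ZYWALL, peer) or "consistent")
```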