53.4. Connection

53.4.1. IKE / Phase 1

  1. Open Configuration > VPN > IPSec VPN and go to the VPN Gateway tab. Use Add to create a new IKE connection to a peer.

  2. Click Show Advanced Settings to see all of the necessary fields.

  3. Enter the IP or DNS name of the Intra2net system as the peer gateway address. Even if the Intra2net system uses a dynamic IP with DynDNS, you must select Static Address.

  4. Set the authentication to certificates and select the previously created certificate for the ZyWALL.

  5. Select AES128 and SHA1 as the Proposal; the matching Key Group is DH2.

  6. If the ZyWALL or the Intra2net system is located behind a NAT router, you need to enable NAT Traversal.

53.4.2. IPSec / Phase 2

  1. Open Configuration > VPN > IPSec VPN and go to the VPN Connection tab. Use Add to create a new IPSec connection.

  2. Create a network object for the peer's network using the Create new Object > Address menu. Use SUBNET as the type and enter the network address and netmask.

  3. Click Show Advanced Settings to see all of the necessary fields.

  4. Set the connection to Nailed Up so that the ZyWALL keeps the connection open automatically.

  5. Select Site-to-site and select the newly created IKE connection to the Intra2net system as gateway.

  6. Select the network to be connected behind the ZyWALL as Local policy. As Remote policy, select the network object you just created for the network of the Intra2net system.

  7. Activate Policy Enforcement to ensure that the connection is secure against network manipulation.

  8. Select AES128 and SHA1 as the Proposal and set Perfect Forward Secrecy (PFS) to DH2.

The connection is now configured and should be established in the background.
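
The tunnel only comes up if the Intra2net side uses the same Phase 1 and Phase 2 values, with the local and remote networks swapped. The following pre-flight check is an added example, not part of the original manual or of either product; the dictionary layout, the function names and the sample subnets are assumptions made for illustration.

```python
import copy
import ipaddress

# Proposal values come from the steps above; the field names are this example's own.
ZYWALL = {
    "ike": {"auth": "certificate", "encryption": "AES128", "hash": "SHA1", "dh_group": "DH2"},
    "ipsec": {"encryption": "AES128", "hash": "SHA1", "pfs": "DH2"},
    "local_net": "192.168.10.0/24",   # constructed sample: network behind the ZyWALL
    "remote_net": "192.168.20.0/24",  # constructed sample: network behind the peer
}


def mirror(cfg):
    """Settings the peer must use: identical proposals, networks swapped."""
    peer = copy.deepcopy(cfg)
    peer["local_net"], peer["remote_net"] = cfg["remote_net"], cfg["local_net"]
    return peer


def check_tunnel(a, b):
    """Return a list of mismatches between the settings of peers a and b."""
    problems = []
    # Phase 1 and Phase 2 proposals must be identical on both ends.
    for phase in ("ike", "ipsec"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase}.{key}: {a[phase].get(key)} != {b[phase].get(key)}")
    # SUBNET objects need a true network address; host bits raise ValueError.
    try:
        a_local, a_remote, b_local, b_remote = (
            ipaddress.ip_network(cfg[side])
            for cfg in (a, b) for side in ("local_net", "remote_net"))
    except ValueError as exc:
        return problems + [f"invalid subnet: {exc}"]
    # Local policy on one side must equal Remote policy on the other.
    if a_local != b_remote:
        problems.append("a.local_net does not match b.remote_net")
    if a_remote != b_local:
        problems.append("a.remote_net does not match b.local_net")
    if a_local.overlaps(a_remote):
        problems.append("local and remote networks overlap")
    return problems


if __name__ == "__main__":
    for line in check_tunnel(ZYWALL, mirror(ZYWALL)) or ["settings match"]:
        print(line)
```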