Chapter 4 Create Secure Connections Across the Internet
ZyWALL USG 20-2000 User’s Guide
19 Access a server or other network resource behind the ZyWALL to make sure your access works.
4.6.6 What Can Go Wrong
The IPSec VPN connection must:
• Be enabled
• Use transport mode
• Not be a manual key VPN connection
• Use Pre-Shared Key authentication
• Use a VPN gateway with the Secure Gateway set to 0.0.0.0 if you need to allow L2TP VPN clients to connect from more than one IP address.
Disconnect any existing L2TP VPN sessions before modifying L2TP VPN settings. The remote users
must make any needed matching configuration changes and re-establish the sessions using the
new settings.
4.7 One-Time Password Version 2 (OTPv2)
Two-factor authentication requires a user to provide two kinds of identification. Purchase the
ZyWALL OTPv2 One-Time Password System for strong two-factor authentication for Web
Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins. For each login a user
must use his ZyWALL OTPv2 token to generate a new OTP password and use it along with his
normal account user name and password (the second kind of identification). An attacker cannot
re-use an OTP password that was already used for login because it is no longer valid. The system
contains SafeWord 2008 authentication server software, hardware OTPv2 tokens, and software
OTPv2 tokens for Windows computers and Android and iOS mobile devices.
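The single-use property described above, shown as an added example that is not taken from this guide or from SafeWord. The guide does not describe the token algorithm, so the code assumes counter-based HOTP (RFC 4226) as a stand-in; `OtpVerifier`, `login` and `DEMO_SECRET` are hypothetical names, and the secret is the RFC's published test value.

```python
import hashlib
import hmac
import struct

DEMO_SECRET = b"12345678901234567890"  # constructed: RFC 4226 test secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter position."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server-side state for one token (hypothetical, not a ZyWALL API)."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.counter = 0              # lowest counter still acceptable
        self.look_ahead = look_ahead  # tolerate a few unused token presses

    def login(self, password_ok: bool, otp: str) -> bool:
        """Require both factors; any OTP that matches is consumed."""
        matched = None
        window = range(self.counter, self.counter + self.look_ahead + 1)
        for c in window:
            expected = hotp(self.secret, c).encode()
            # Constant-time comparison on bytes, safe for any user input.
            if hmac.compare_digest(expected, otp.encode()):
                matched = c
        if matched is None:
            return False
        # Move past the matched counter so this OTP, and every earlier
        # one, is rejected from now on, even if the password was wrong.
        self.counter = matched + 1
        return password_ok


if __name__ == "__main__":
    server = OtpVerifier(DEMO_SECRET)
    first = hotp(DEMO_SECRET, 0)
    print("first login :", server.login(True, first))
    print("replay      :", server.login(True, first))
```
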
Figure 35 OTPv2 Example
[Figure labels: OTP PIN; SafeWord 2008 Authentication Server; file and Web-based application servers]
Here is an overview of how to use OTP. See the ZyWALL OTPv2 support note for details.