Chapter 4 Create Secure Connections Across the Internet

ZyWALL USG 20-2000 User’s Guide

92

19

Access a server or other network resource behind the ZyWALL to make sure your access works.

4.6.6  What Can Go Wrong

The IPSec VPN connection must:

• Be enabled
• Use transport mode
• Not be a manual key VPN connection
• Use 

Pre-Shared Key

 authentication

• Use a VPN gateway with the 

Secure Gateway

 set to 

0.0.0.0

 if you need to allow L2TP VPN 

clients to connect from more than one IP address.

Disconnect any existing L2TP VPN sessions before modifying L2TP VPN settings. The remote users 
must make any needed matching configuration changes and re-establish the sessions using the 
new settings.

4.7  One-Time Password Version 2 (OTPv2)

Two-factor authentication requires a user to provide two kinds of identification. Purchase the 
ZyWALL OTPv2 One-Time Password System for strong two-factor authentication for Web 
Configurator, Web access, SSL VPN, and ZyXEL IPSec VPN client user logins. For each login a user 
must use his ZyWALL OTPv2 token to generate a new OTP password and use it along with his 
normal account user name and password (the second kind of identification). An attacker cannot re-
use an OTP password that was already used for login because it is no longer valid. The system 
contains SafeWord 2008 authentication server software, hardware OTPv2 tokens, and software 
OTPv2 tokens for Windows computers and Android and iOS mobile devices. 

Figure 35   

OTPv2 Example

Here is an overview of how to use OTP. See the ZyWALL OTPv2 support note for details. 

OTP PIN

SafeWord 2008

Authentication Server

File

Email 

Web-based 

Server

Server

Application

*****