IPSec and SSL VPN Client

SecuExtender VPN Client

IPSec VPN Client Subscription Service (Time-based)

The Windows version software must be activated with a license key from SecuExtender IPSec VPN Client Subscription Service for Windows/macOS (1YR/3YR license). The software is not compatible with the license key from legacy SecuExtender IPSec VPN Windows Client.

Service Category Part Number Description
Connectivity SECUEXTENDER-ZZ1Y01F SecuExtender; Zero Trust IPSec VPN Client Subscription for Windows/macOS, 1-user; 1YR
Connectivity SECUEXTENDER-ZZ3Y01F SecuExtender; Zero Trust IPSec VPN Client Subscription for Windows/macOS, 1-user; 3YR
Connectivity SECUEXTENDER-ZZ1Y05F SecuExtender; Zero Trust IPSec VPN Client Subscription for Windows/macOS, 5-user; 1YR
Connectivity SECUEXTENDER-ZZ3Y05F SecuExtender; Zero Trust IPSec VPN Client Subscription for Windows/macOS, 5-user; 3YR
Connectivity SECUEXTENDER-ZZ1Y10F SecuExtender; Zero Trust IPSec VPN Client Subscription for Windows/macOS, 10-user; 1YR
Connectivity SECUEXTENDER-ZZ3Y10F SecuExtender; Zero Trust IPSec VPN Client Subscription for Windows/macOS, 10-user; 3YR
Connectivity SECUEXTENDER-ZZ1Y50F SecuExtender; Zero Trust IPSec VPN Client Subscription for Windows/macOS, 50-user; 1YR
Connectivity SECUEXTENDER-ZZ3Y50F SecuExtender; Zero Trust IPSec VPN Client Subscription for Windows/macOS, 50-user; 3YR
  • Windows 10 64-bit
  • Windows 11 64-bit
  • macOS 10.15 or above
  • 5M Bytes free disk space

Hash Algorithms

  • SHA2-HMAC 256-bit authentication
  • SHA2-HMAC 384-bit authentication
  • SHA2-HMAC 512-bit authentication

Encryption

  • AES 128, 192, 256-bit encryption
  • AES GCM 128,192, 256-bit encryption
  • AES CTR 128, 192, 256-bit encryption

Diffie Hellman Group Support

  • Group 14: MODP 2048
  • Group 15: MODP 3072
  • Group 16: MODP 4096
  • Group 17: MODP 6144
  • Group 18: MODP 8192
  • Group 19: ECP 256 (IKEv2 only)
  • Group 20: ECP 384 (IKEv2 only)
  • Group 21: ECP 512 (IKEv2 only)

Authentication Mechanism

  • PSK (Pre-shared Key)
  • EAP (Login/Password)
  • PKI (X.509) Certificate
  • Certificate authentication methods:
    • RSA Digital Signature [RFC 7296]
    • ECDSA avec SHA-256 [RFC 4754]
    • Digital Signature Authentication RSA [RFC 7427]
  • X-Auth (IKEv1)
  • Hybrid: X-Auth + Certificate (IKEv1)

Certificate Formats

  • PEM
  • PFX
  • PKCS #12

Key Management

  • ISAKMP (RFC2408)
  • IKE (RFC2409) & IPSec mode
  • IKEv2 (RFC7383)
  • ESP

IKEv1 support

  • Mode Config
  • IP fragmentation
  • NAT-Traversal
  • Check gateway’s remote ID
  • Tunnel and transport modes
  • Auto mode (negotiation of algorithms with gateway)

IKEv2 support

  • Mode CP
  • IP fragmentation
  • NAT-Traversal
  • Childless IKE (RFC 6023)
  • Extended Sequence Number (ESC) (RFC 4304)

Endpoint Visibility

  • Collecting endpoint information for admission control
    • MAC address
    • Inner IPv4 address
    • Hostname
    • Unique ID
    • Zyxel client version
    • OS type
    • OS version
    • System manufacturer
    • System model

Networking

  • NAT traversal (Draft 1, 2 & 3)
  • Dead Peer Detection (DPD)
  • Redundant gateway

Connection Technologies

  • Dial-up modem
  • GPRS
  • Ethernet
  • WiFi
IPSec VPN Windows Client (Perpetual)
Service Category Part Number Description
Connectivity SECUEXTENDER-ZZ0201F IPSec VPN Windows Client 1 License
Connectivity SECUEXTENDER-ZZ0201F IPSec VPN Windows Client 5 Licenses
Connectivity SECUEXTENDER-ZZ0203F IPSec VPN Windows Client 10 Licenses
Connectivity SECUEXTENDER-ZZ0204F IPSec VPN Windows Client 50 Licenses
  • Windows 7 32/64-bit
  • Windows 8 32/64-bit
  • Windows 10 32/64-bit
  • 5M Bytes free disk space

Hash Algorithms

  • MD5-HMAC 128-bit authentication
  • SHA1-HMAC 160-bit authentication
  • SHA2-HMAC 256-bit authentication
  • SHA2-HMAC 512-bit authentication

Encryption

  • DES CBC 56-bit encryption
  • 3DES-CBC 168-bit encryption
  • AES 128, 192, 256-bit encryption

Diffie Hellman Group Support

  • Group 1: MODP 768
  • Group 2: MODP 768
  • Group 5: MODP 1536
  • Group 14: MODP 2048
  • Group 15: MODP 3072
  • Group 16: MODP 4096
  • Group 17: MODP 6144
  • Group 18: MODP 8192

Authentication Mechanism

  • PSK (Pre-shared Key)
  • EAP (Login/Password)
  • PKI (X.509) Certificate
  • X-Auth

Key Management

  • ISAKMP (RFC2408)
  • IKE (RFC2409) & IPSec mode
  • IKEv2 (RFC7383)
  • ESP, tunnel, transport
  • Main mode, aggressive mode
  • Hybrid authentication method

Certificate

  • PEM
  • PKCS #12

Endpoint Visibility

  • Collecting endpoint information for admission control
    • MAC address
    • Inner IPv4 address
    • Hostname
    • Unique ID
    • Zyxel client version
    • OS type
    • OS version
    • System manufacturer
    • System model

Networking

  • NAT traversal (Draft 1, 2 & 3)
  • Dead Peer Detection (DPD)
  • Redundant gateway

Peer to Peer

  • Peer to peer connections
  • Accepts incoming IPSec tunnels

Connection Technologies

  • Dial-up modem
  • GPRS
  • Ethernet
  • WiFi
SSL VPN Client
Service Category Part Number Description
Connectivity SECUEXTENDER-ZZ0104F E-iCard SSL VPN MAC OS X Client 1 License
Connectivity SECUEXTENDER-ZZ0105F E-iCard SSL VPN MAC OS X Client 5 Licenses
Connectivity SECUEXTENDER-ZZ0106F E-iCard SSL VPN MAC OS X Client 10 Licenses
  • Windows 7 32/64-bit
  • Windows 8 32/64-bit
  • Windows 10 32/64-bit
  • Windows 11 32/64-bit
  • macOS 10.14 or above
  • 5M Bytes free disk space

* All specifications are subject to change without notice.