Chapter 13 IPSec
P-660HN-51 User’s Guide
152
The following table describes the fields in this screen.
Table 55 Settings > Add/Edit: Auto(IKE)
LABEL DESCRIPTION
Enable Select this check box to activate this VPN policy. This option determines whether a
VPN rule is applied before a packet leaves the firewall.
IPSec Connection
Name
Type up to 39 alphanumeric characters to identify this VPN policy. You may use
spaces, underscores and dashes, but the Zyxel Device drops trailing spaces.
Remote IPSec
Gateway Address
Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with
which you're making the VPN connection.
Tunnel access from
local IP addresses
Specify the IP addresses of the devices behind the Zyxel Device that can use the
VPN tunnel. The local IP addresses must correspond to the remote IPSec router's
configured remote IP addresses.
Two active SAs cannot have the local and remote IP address(es) both the same.
Two active SAs can have the same local or remote IP address, but not both. You
can configure multiple SAs between the same local and remote IP addresses, as
long as only one is active at any time.
Use the drop-down list box to choose Single Address or Subnet. Select Single
Address for a single IP address. Select Subnet to specify IP addresses on a network
by their subnet mask.
IP Address for
VPN
When the local IP address type is configured to Single Address, enter a (static) IP
address on the LAN behind your Zyxel Device.
When the local IP address type is configured to Subnet, enter a (static) IP address
on the LAN behind your Zyxel Device.
IP Subnet mask When the local IP address type is configured to Single Address, this field is not
available.
When the local IP address type is configured to Subnet, enter a subnet mask on the
LAN behind your Zyxel Device.
Tunnel access from
remote IP
addresses
Specify the IP addresses of the devices behind the remote IPSec router that can use
the VPN tunnel. The remote IP addresses must correspond to the remote IPSec
router's configured local IP addresses.
Two active SAs cannot have the local and remote IP address(es) both the same.
Two active SAs can have the same local or remote IP address, but not both. You
can configure multiple SAs between the same local and remote IP addresses, as
long as only one is active at any time.
Use the drop-down list box to choose Single Address or Subnet. Select Single
Address with a single IP address. Select Subnet to specify IP addresses on a network
by their subnet mask.
IP Address for
VPN
When the remote IP address type is configured to Single Address, enter a (static) IP
address on the network behind the remote IPSec router.
When the remote IP address type is configured to Subnet, enter a (static) IP address
on the network behind the remote IPSec router.
IP Subnetmask When the remote IP address type is configured to Single Address, this field is not
available.
When the remote IP address type is configured to Subnet, enter a subnet mask on
the network behind the remote IPSec router.
Protocol This field displays ESP and the Zyxel Device uses ESP (Encapsulation Security
Payload) for VPN. The ESP protocol (RFC 2406) provides encryption as well as some
of the services offered by AH.
Key Exchange
Method
Select Auto(IKE) or Manual from the drop-down list box. Auto(IKE) provides more
protection so it is generally recommended. Manual is a useful option for
troubleshooting if you have problems using Auto(IKE) key management.
To Next Page
Loading...
