Chapter 11 IPSec VPN
USG FLEX H Series User’s Guide
181
The following table describes the labels in this screen.
Table 91 VPN > IPSec VPN > Remote Access VPN
LABEL DESCRIPTION
Enable Click the switch to enable the remote access VPN rule.
Get
SecuExtender
VPN Client
Software
Click to download SecuExtender to your computer. The supported operating systems for
SecuExtender are:
• Windows 10 (64-bit) and later versions.
• macOS 10.15 and later versions.
VPN
configuration
script download
Click to download a VPN configuration script to send to clients using IPSec VPN clients built
into the operating systems.
To use the download script, the built-in IPSec VPN clients need to use the following
operating systems:
• Clients using Windows 7 and later, iOS and macOS built-in IPSec VPN clients can import
the VPN configuration script to configure a remote access VPN rule automatically. Click
the link to download the script and send it to them.
• Clients using Android should download the latest version strongSwan VPN client, then
import the script to configure a remote access VPN rule automatically. Click the link to
download the script and send it to them.
• Clients using built-in IPSec VPN clients earlier than Windows 7 cannot use the script. They
must configure a remote access VPN rule manually. Send the Pre-Shared Key and the
Zyxel Device interface IP or domain name to them.
Incoming Interface
Interface Select an interface from the drop-down list box for incoming traffic to your Zyxel Device.
Domain Name/IP Enter the domain name if you are using DDNS to assign the interface a dynamic IP address
(for example, vpn.zyxel.com).
Enter the IPv4 address if you are using a static IP address.
Certificate for VPN
Validation
Auto Select Auto to have the Zyxel Device generate a certificate from the current remote
access VPN settings. This is the certificate the Zyxel Device uses to identify itself when setting
up the VPN tunnel.
Manual Select Manual to use an existing certificate from the drop-down list box.
Local Network
Full Tunnel Select Full Tunnel to encrypt all traffic through the VPN.
Select Allow Client VPN Traffic Through WAN to allow only traffic encrypted by the Zyxel
Device from the remote client to the Internet.
Split Tunnel Select Split Tunnel to only encrypt traffic going to networks behind the Zyxel Device.
Enter an IPv4 address in CIDR notation, for example, type 192.168.1.1/24. Traffic going to the
Internet from this IP address is encrypted. Traffic going to the Internet from the remote client
does not go through the Zyxel Device is not encrypted.
Client Network
IP Address Pool Enter an IPv4 address in CIDR notation, for example, type 192.168.1.1/24. The IP address
pool is used to assign IP addresses to the VPN clients.
The SSL VPN IP pool should not overlap with IP addresses on the Zyxel Device's local
networks and the SSL user's network.
To Next Page
Loading...
