Chapter 30 IPSec VPN
ZyWALL USG Series User’s Guide
622
Each field is described in the following table.
Table 223 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit
LABEL DESCRIPTION
Show Advanced
Settings / Hide
Advanced Settings
Click this button to display a greater or lesser number of configuration fields.
Create New Object Use to configure any new settings objects that you need to use in this screen.
General Settings
Enable Select this to activate the VPN Gateway policy.
VPN Gateway
Name
Type the name used to identify this VPN gateway. You may use 1-31 alphanumeric
characters, underscores(
_), or dashes (-), but the first character cannot be a number. This
value is case-sensitive.
IKE Version
IKEv1 / IKEv2 Select IKEv1 or IKEv2. IKEv1 applies to IPv4 traffic only. IKEv2 applies to both IPv4 and IPv6
traffic. IKE (Internet Key Exchange) is a protocol used in setting up security associations that
allows two parties to send data securely. See Section 30.1 on page 605 for more information
on IKEv1 and IKEv2.
Gateway Settings
My Address Select how the IP address of the Zyxel Device in the IKE SA is defined.
If you select Interface, select the Ethernet interface, VLAN interface, virtual Ethernet
interface, virtual VLAN interface or PPPoE/PPTP interface. The IP address of the Zyxel Device
in the IKE SA is the IP address of the interface.
If you select Domain Name / IP, enter the domain name or the IP address of the Zyxel
Device. The IP address of the Zyxel Device in the IKE SA is the specified IP address or the IP
address corresponding to the domain name. 0.0.0.0 is not generally recommended as it
has the Zyxel Device accept IPSec requests destined for any interface address on the Zyxel
Device.
Peer Gateway
Address
Select how the IP address of the remote IPSec router in the IKE SA is defined.
Select Static Address to enter the domain name or the IP address of the remote IPSec
router. You can provide a second IP address or domain name for the Zyxel Device to try if it
cannot establish an IKE SA with the first one.
Fall back to Primary Peer Gateway when possible: When you select this, if the
connection to the primary address goes down and the Zyxel Device changes to using
the secondary connection, the Zyxel Device will reconnect to the primary address
when it becomes available again and stop using the secondary connection. Users will
lose their VPN connection briefly while the Zyxel Device changes back to the primary
connection. To use this, the peer device at the secondary address cannot be set to use
a nailed-up VPN connection. In the Fallback Check Interval field, set how often to
check if the primary address is available.
Select Dynamic Address if the remote IPSec router has a dynamic IP address (and does not
use DDNS).
Authentication
Note: The Zyxel Device and remote IPSec router must use the same
authentication method to establish the IKE SA.
To Next Page
Loading...
