Chapter 4 Easy Mode
ZyWALL/USG Series User’s Guide
91
• Site-to-site with Dynamic Peer - choose this if the remote IPSec router has a dynamic IP
address. You don’t specify the remote IPSec router’s address, but you specify the remote policy
(the addresses of the devices behind the remote IPSec router). This ZyWALL/USG must have a
static IP address or a domain name. Only the remote IPSec router can initiate the VPN tunnel.
• Remote Access (Server Role) - choose this to allow incoming connections from IPSec VPN
clients. The clients have dynamic IP addresses and are also known as dial-in users. You don’t
specify the addresses of the client IPSec routers or the remote policy. This creates a dynamic
IPSec VPN rule that can let multiple clients connect. Only the clients can initiate the VPN tunnel.
• Remote Access (Client Role) - choose this to connect to an IPSec server. This ZyWALL/USG is
the client (dial-in user). Client role ZyWALL/USGs initiate IPSec VPN connections to a server role
ZyWALL/USG. This ZyWALL/USG can have a dynamic IP address. The IPSec server doesn’t
configure this ZyWALL/USG’s IP address or the addresses of the devices behind it. Only this
ZyWALL/USG can initiate the VPN tunnel.
4.6.3 VPN Express Wizard - Configuration
Figure 66 VPN Express Wizard: Configuration
• Secure Gateway: Any displays in this field if it is not configurable for the chosen scenario.
Otherwise, enter the WAN IP address or domain name of the remote IPSec device (secure
gateway) to identify the remote IPSec router by its IP address or a domain name. Use 0.0.0.0 if
the remote IPSec router has a dynamic WAN IP address.
• Pre-Shared Key: Type the password. Both ends of the VPN tunnel must use the same password.
Use 8 to 31 case-sensitive ASCII characters or 8 to 31 pairs of hexadecimal (“0-9”, “A-F”)
characters. Proceed a hexadecimal key with “0x”. You will receive a PYLD_MALFORMED (payload
malformed) packet if the same pre-shared key is not used on both ends.
• Local Policy (IP/Mask): Type the IP address of a computer on your network that can use the
tunnel. You can also specify a subnet. This must match the remote IP address configured on the
remote IPSec device.
• Remote Policy (IP/Mask): Any displays in this field if it is not configurable for the chosen
scenario. Otherwise, type the IP address of a computer behind the remote IPSec device. You can
also specify a subnet. This must match the local IP address configured on the remote IPSec
device.
To Next Page
Loading...
