ZyXEL Communications NBG420N User Manual

Page 172

Chapter 15 IPSec VPN

NBG420N User’s Guide

Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued)

LABEL
DESCRIPTION

Secure Gateway Address
Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN’s full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0.
Note: You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The NBG420N has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).

Peer ID Type
Select IP to identify the remote IPSec router by its IP address.
Select Domain Name to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.

Peer Content
The configuration of the peer content depends on the peer ID type.
For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the NBG420N will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).
For Domain Name or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.
It is recommended that you type an IP address other than 0.0.0.0 or use the Domain Name or E-mail ID type in the following situations:
- When there is a NAT router between the two IPSec routers.
- When you want the NBG420N to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses.

IPSec Algorithm

Encapsulation Mode
Select Tunnel mode or Transport mode from the drop-down list box.

IPSec Protocol
Select the security protocols used for an SA.
Both AH and ESP increase processing requirements and communications latency (delay).
If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below).
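
The constraints in the Secure Gateway Address and Peer Content descriptions can be checked against a planned rule set before it is typed into the configurator. The following Python check is an added example, not part of the ZyXEL manual or firmware; the Rule fields, the lint and effective_peer_id functions, and the sample addresses are assumptions made for illustration.

```python
# Added example: offline lint for planned NBG420N VPN rules (field names assumed).
from dataclasses import dataclass
from ipaddress import IPv4Address
from itertools import combinations

@dataclass
class Rule:
    name: str
    active: bool
    keying_mode: str      # "IKE" is the value the manual requires for 0.0.0.0
    secure_gateway: str   # WAN IP address, domain name, or "0.0.0.0"
    local_start: str      # first local IP address covered by the rule
    local_end: str        # last local IP address covered by the rule
    peer_id_type: str     # "IP", "Domain Name" or "E-mail"
    peer_content: str = ""

def effective_peer_id(r):
    """Peer ID the router ends up comparing against, per the field descriptions."""
    if r.peer_id_type == "IP":
        blank = r.peer_content.strip() in ("", "0.0.0.0")
        return r.secure_gateway if blank else r.peer_content.strip()
    return r.peer_content.rstrip(" ")  # trailing spaces are truncated

def lint(rules):  # returns a list of findings; an empty list means none found
    out = []
    for r in rules:
        dynamic = r.secure_gateway == "0.0.0.0"
        if dynamic and r.keying_mode != "IKE":
            out.append(f"{r.name}: gateway 0.0.0.0 requires keying mode IKE")
        if len(r.secure_gateway) > 31:
            out.append(f"{r.name}: gateway domain name exceeds 31 characters")
        if r.peer_id_type != "IP" and (len(r.peer_content) > 31 or not r.peer_content.isascii()):
            out.append(f"{r.name}: peer content must be at most 31 ASCII characters")
        if dynamic and effective_peer_id(r) == "0.0.0.0":
            out.append(f"{r.name}: dynamic peer has no distinguishing peer ID")
    wild = [r for r in rules if r.active and r.secure_gateway == "0.0.0.0"]
    for a, b in combinations(wild, 2):
        a_lo, a_hi = int(IPv4Address(a.local_start)), int(IPv4Address(a.local_end))
        b_lo, b_hi = int(IPv4Address(b.local_start)), int(IPv4Address(b.local_end))
        if a_lo <= b_hi and b_lo <= a_hi:
            out.append(f"{a.name}/{b.name}: local IP ranges overlap")
    return out

# Constructed sample rules using documentation addresses, not values from the manual.
SAMPLE = [
    Rule("branch-a", True, "IKE", "0.0.0.0", "192.168.1.1", "192.168.1.100", "E-mail", "a@example.com  "),
    Rule("branch-b", True, "IKE", "0.0.0.0", "192.168.1.50", "192.168.1.200", "IP", ""),
    Rule("hq", True, "IKE", "vpn.example.com", "192.168.1.1", "192.168.1.254", "IP", "203.0.113.10"),
]
```

Calling lint(SAMPLE) reports that branch-b has no distinguishing peer ID and that the local ranges of branch-a and branch-b overlap; hq is not compared because its gateway is not 0.0.0.0.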