ZyXEL Communications NBG420N User Manual

Chapter 15 IPSec VPN

Remote Address

For a single IP address, enter a (static) IP address on the network behind the remote IPSec router.
For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router.
To specify IP addresses on a network by their subnet mask, enter a (static) IP address on the network behind the remote IPSec router.

Remote Address End/Mask

When the remote IP address is a single address, type it a second time here.
When the remote IP address is a range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
When the remote IP address is a subnet address, enter a subnet mask on the network behind the remote IPSec router.

Remote Port Start

0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.

Remote Port End

Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Port Start is left at 0, Remote Port End will also remain at 0.

My IP Address

Enter the NBG420N's static WAN IP address (if it has one) or leave the field set to 0.0.0.0.
The NBG420N uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the NBG420N uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have configured (in the DDNS screen) to have the NBG420N use that dynamic domain name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.

Secure Gateway Address

Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN’s full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0.

Note: You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The NBG420N has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).

SPI

Type a unique SPI (Security Parameter Index) from one to four characters long. Valid characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".

Encapsulation Mode

Select Tunnel mode or Transport mode from the drop-down list box.

Table 65 Security > VPN > Rule Setup: Manual (continued)

LABEL    DESCRIPTION
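
An added example, not taken from the ZyXEL manual or firmware: a Python check of the Secure Gateway Address constraint described in the table, which flags active rules set to 0.0.0.0 whose local addresses overlap. The rule dictionary layout, the `kind` selector and the sample rules are assumptions, as is the premise that local addresses use the same single/range/subnet forms the table gives for Remote Address.

```python
# Added example (not ZyXEL code). Field names and sample rules are hypothetical.
import ipaddress
from itertools import combinations

def span(kind, start, end_or_mask):
    """Return (first, last) integer bounds for one address setting.

    kind is a hypothetical selector for the three forms the table describes:
    'single' (address typed twice), 'range' (start/end), 'subnet' (address/mask).
    """
    first = ipaddress.IPv4Address(start)
    if kind == "single":
        if ipaddress.IPv4Address(end_or_mask) != first:
            raise ValueError("single address must be repeated in End/Mask")
        return int(first), int(first)
    if kind == "range":
        last = ipaddress.IPv4Address(end_or_mask)
        if last < first:
            raise ValueError("range end is below range start")
        return int(first), int(last)
    if kind == "subnet":
        net = ipaddress.IPv4Network(f"{start}/{end_or_mask}", strict=False)
        return int(net.network_address), int(net.broadcast_address)
    raise ValueError(f"unknown address kind: {kind}")

def dynamic_gateway_conflicts(rules):
    """Name pairs of active rules with gateway 0.0.0.0 whose local ranges overlap."""
    dynamic = [(r["name"], span(*r["local"])) for r in rules
               if r["active"] and r["gateway"] == "0.0.0.0"]
    return [(a, b) for (a, (a_lo, a_hi)), (b, (b_lo, b_hi))
            in combinations(dynamic, 2) if a_lo <= b_hi and b_lo <= a_hi]

# Constructed sample rules; names and addresses are illustrative only.
RULES = [
    {"name": "branch-a", "active": True, "gateway": "0.0.0.0",
     "local": ("range", "192.168.1.10", "192.168.1.50")},
    {"name": "branch-b", "active": True, "gateway": "0.0.0.0",
     "local": ("subnet", "192.168.1.0", "255.255.255.0")},
    {"name": "hq", "active": True, "gateway": "203.0.113.7",
     "local": ("subnet", "192.168.1.0", "255.255.255.0")},
    {"name": "old", "active": False, "gateway": "0.0.0.0",
     "local": ("single", "192.168.1.20", "192.168.1.20")},
]

if __name__ == "__main__":
    for a, b in dynamic_gateway_conflicts(RULES):
        print(f"conflict: {a} and {b} use 0.0.0.0 with overlapping local addresses")
```

Only active rules with the gateway set to 0.0.0.0 are compared, so the rule with a fixed gateway and the inactive rule are ignored even though their local addresses overlap the others.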