2 vpn rules (ike) – ZyXEL Communications ZyWALL 2 Plus User Manual

Chapter 14 IPSec VPN

ZyWALL 2 Plus User’s Guide

255

You can usually provide a static IP address or a domain name for the ZyWALL. Sometimes,
your ZyWALL might also offer another alternative, such as using the IP address of a port or
interface.
You can usually provide a static IP address or a domain name for the remote IPSec router as
well. Sometimes, you might not know the IP address of the remote IPSec router (for example,
telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router
can initiate an IKE SA.

14.2 VPN Rules (IKE)

A VPN (Virtual Private Network) tunnel gives you a secure connection to another computer or
network.

• A gateway policy contains the IKE SA settings. It identifies the IPSec routers at either end

of a VPN tunnel.

• A network policy contains the IPSec SA settings. It specifies which devices (behind the

IPSec routers) can use the VPN tunnel.

Figure 170 Gateway and Network Policies

This figure helps explain the main fields in the VPN setup.

Figure 171 IPSec Fields Summary

Click SECURITY > VPN to display the VPN Rules (IKE) screen. Use this screen to manage
the ZyWALL’s list of VPN rules (tunnels) that use IKE SAs.