2 vpn rules (ike) – ZyXEL Communications ZyXEL ZyWALL 2WG User Manual

Chapter 14 IPSec VPN

ZyWALL 2WG User’s Guide

259

You can usually provide a static IP address or a domain name for the ZyWALL. Sometimes,
your ZyWALL might also offer another alternative, such as using the IP address of a port or
interface.
You can usually provide a static IP address or a domain name for the remote IPSec router as
well. Sometimes, you might not know the IP address of the remote IPSec router (for example,
telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router
can initiate an IKE SA.

14.2 VPN Rules (IKE)

A VPN (Virtual Private Network) tunnel gives you a secure connection to another computer or
network.

• A gateway policy contains the IKE SA settings. It identifies the IPSec routers at either end

of a VPN tunnel.

• A network policy contains the IPSec SA settings. It specifies which devices (behind the

IPSec routers) can use the VPN tunnel.

Figure 142 Gateway and Network Policies

This figure helps explain the main fields in the VPN setup.

Figure 143 IPSec Fields Summary

Click SECURITY > VPN to display the VPN Rules (IKE) screen. Use this screen to manage
the ZyWALL’s list of VPN rules (tunnels) that use IKE SAs.