Prestige 2602HWL-D3A Support Notes
VPN client: 10.1.33.33
NAT router WAN IP: 202.132.154.2
Prestige WAN: 202.132.154.3
Since the VPN client is behind a NAT router, it has a private IP address in most cases. This may cause the VPN client to send its private IP address as the content of its phase 1 ID. So on the Prestige you have to configure the secure gateway's phase 1 ID as the private IP address of the VPN client.
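The following added example (not from ZyXEL or the original notes) models the phase 1 ID comparison described above: it parses an ISAKMP Identification payload and checks it against the configured peer ID, using the addresses from this scenario. The function names and the constructed sample payload are assumptions for illustration, and the comparison is a simplified model, not the Prestige's firmware logic.

```python
import ipaddress
import struct

ID_IPV4_ADDR = 1  # ID type value from the IPsec DOI (RFC 2407)

def parse_id_payload(payload: bytes):
    """Parse a decrypted ISAKMP Identification payload (RFC 2408, section 3.8)."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its fixed 8-byte header")
    # next payload, reserved, payload length, ID type, protocol ID, port
    _next, _rsvd, length, id_type, _proto, _port = struct.unpack("!BBHBBH", payload[:8])
    if length != len(payload):
        raise ValueError("payload length field does not match the data")
    data = payload[8:]
    if id_type != ID_IPV4_ADDR:
        return id_type, data
    if len(data) != 4:
        raise ValueError("ID_IPV4_ADDR must carry exactly 4 bytes")
    return id_type, ipaddress.IPv4Address(data)

def check_peer_id(payload, configured_id, packet_source):
    """Hypothetical helper: return (accepted, note) for a gateway matching on ID content."""
    id_type, value = parse_id_payload(payload)
    if id_type != ID_IPV4_ADDR:
        return False, "peer did not send an IPv4 address ID"
    configured = ipaddress.IPv4Address(configured_id)
    source = ipaddress.IPv4Address(packet_source)
    if value != configured:
        return False, f"ID {value} does not match configured peer ID {configured}"
    if value != source:
        return True, f"ID {value} differs from packet source {source}: peer is behind NAT"
    return True, "ID matches configured peer ID and packet source"

def build_id_payload(addr):
    """Constructed sample: ID payload carrying an IPv4 address, protocol and port 0."""
    body = ipaddress.IPv4Address(addr).packed
    return struct.pack("!BBHBBH", 0, 0, 8 + len(body), ID_IPV4_ADDR, 0, 0) + body

# Addresses taken from the topology above; the payload bytes are constructed.
CLIENT_ID = build_id_payload("10.1.33.33")
NAT_WAN = "202.132.154.2"

if __name__ == "__main__":
    print(check_peer_id(CLIENT_ID, NAT_WAN, NAT_WAN))       # peer ID set to the NAT WAN IP
    print(check_peer_id(CLIENT_ID, "10.1.33.33", NAT_WAN))  # peer ID set to the private IP
```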
How can I keep a tunnel alive?
To keep a tunnel alive, check the "keep alive" option when configuring your VPN tunnel. With this option, whenever the phase 2 SA lifetime is due, the IKE negotiation procedure is invoked automatically, even without traffic, so that the connection stays up.
However, to reduce the consumption of system resources, if a VPN tunnel gets disconnected manually, by the idle timer, or because of a power cycle, packet triggering is still necessary to bring the tunnel up.
Single, Range, Subnet: which types of IP address do the Prestige 10/10II/10W/50/100 support in VPN/IPSec?
The mentioned Prestige series support all of these types. In other words, you can specify a single PC, a range of PCs or even a network of PCs to utilize the VPN/IPSec service.
Can Prestige support IPSec passthrough?
Yes, the Prestige can support IPSec passthrough. The Prestige series not only works as an IPSec/VPN gateway, it can also be a NAT router supporting IPSec passthrough.
If the VPN connection is initiated from the security gateway behind the Prestige, no configuration is necessary for NAT or Firewall.
If the VPN connection is initiated from the security gateway outside of Prestige, NAT port forwarding and Firewall forwarding are necessary.
To configure NAT port forwarding, go to the web interface, Setup/"SUA/NAT", and put the secure gateway's IP address in the default server field.
To configure Firewall forwarding, go to the web interface, Setup/Firewall, set Packet Direction to WAN to LAN, and create a firewall rule that forwards IKE (UDP:500).
All contents copyright (c) 2007 ZyXEL Communications Corporation.