Chapter 14 IPSec VPN
Table 72 SECURITY > VPN > VPN Rules (Manual) > Edit (continued)
LABEL | DESCRIPTION |
Local Network | Specify the IP addresses of the devices behind the ZyWALL that can use the VPN |
| tunnel. The local IP addresses must correspond to the remote IPSec router's |
| configured remote IP addresses. |
| Two active SAs cannot have the local and remote IP address(es) both the same. |
| Two active SAs can have the same local or remote IP address, but not both. You |
| can configure multiple SAs between the same local and remote IP addresses, as |
| long as only one is active at any time. |
|
|
Address Type | Use the |
| Subnet Address. Select Single Address for a single IP address. Select Range |
| Address for a specific range of IP addresses. Select Subnet Address to specify |
| IP addresses on a network by their subnet mask. |
|
|
Starting IP | When the Address Type field is configured to Single Address, enter a (static) IP |
Address | address on the LAN behind your ZyWALL. When the Address Type field is |
| configured to Range Address, enter the beginning (static) IP address, in a range |
| of computers on the LAN behind your ZyWALL. When the Address Type field is |
| configured to Subnet Address, this is a (static) IP address on the LAN behind |
| your ZyWALL. |
|
|
Ending IP | When the Address Type field is configured to Single Address, this field is N/A. |
Address/Subnet | When the Address Type field is configured to Range Address, enter the end |
Mask | (static) IP address, in a range of computers on the LAN behind your ZyWALL. |
| When the Address Type field is configured to Subnet Address, this is a subnet |
| mask on the LAN behind your ZyWALL. |
|
|
Remote Network | Specify the IP addresses of the devices behind the remote IPSec router that can |
| use the VPN tunnel. The remote IP addresses must correspond to the remote |
| IPSec router's configured local IP addresses. |
| Two active SAs cannot have the local and remote IP address(es) both the same. |
| Two active SAs can have the same local or remote IP address, but not both. You |
| can configure multiple SAs between the same local and remote IP addresses, as |
| long as only one is active at any time. |
|
|
Address Type | Use the |
| Subnet Address. Select Single Address with a single IP address. Select Range |
| Address for a specific range of IP addresses. Select Subnet Address to specify |
| IP addresses on a network by their subnet mask. |
|
|
Starting IP | When the Address Type field is configured to Single Address, enter a (static) IP |
Address | address on the network behind the remote IPSec router. When the Addr Type field |
| is configured to Range Address, enter the beginning (static) IP address, in a |
| range of computers on the network behind the remote IPSec router. When the |
| Address Type field is configured to Subnet Address, enter a (static) IP address |
| on the network behind the remote IPSec router. |
|
|
Ending IP | When the Address Type field is configured to Single Address, this field is N/A. |
Address/Subnet | When the Address Type field is configured to Range Address, enter the end |
Mask | (static) IP address, in a range of computers on the network behind the remote |
| IPSec router. When the Address Type field is configured to Subnet Address, |
| enter a subnet mask on the network behind the remote IPSec router. |
|
|
Gateway Policy |
|
Information |
|
|
|
My ZyWALL | When the ZyWALL is in router mode, enter the WAN IP address of your ZyWALL |
| or leave the field set to 0.0.0.0. |
| The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the |
| VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the |
| ZyWALL uses the dial backup IP address for the VPN tunnel when using dial |
| backup or the LAN IP address when using traffic redirect. |
| The VPN tunnel has to be rebuilt if this IP address changes. |
| When the ZyWALL is in bridge mode, this field is |
| ZyWALL’s IP address. |
|
|
284 |
| |
ZyWALL 2 Plus User’s Guide |
| |
|
|
|