Chapter 14 IPSec VPN

You can usually provide a static IP address or a domain name for the ZyWALL. Sometimes, your ZyWALL might also offer another alternative, such as using the IP address of a port or interface.

You can usually provide a static IP address or a domain name for the remote IPSec router as well. Sometimes, you might not know the IP address of the remote IPSec router (for example, telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can initiate an IKE SA.

14.2 VPN Rules (IKE)

A VPN (Virtual Private Network) tunnel gives you a secure connection to another computer or network.

A gateway policy contains the IKE SA settings. It identifies the IPSec routers at either end of a VPN tunnel.

A network policy contains the IPSec SA settings. It specifies which devices (behind the IPSec routers) can use the VPN tunnel.

Figure 191 Gateway and Network Policies

This figure helps explain the main fields in the VPN setup.

Figure 192 IPSec Fields Summary

Click SECURITY > VPN to display the VPN Rules (IKE) screen. Use this screen to manage the ZyWALL’s list of VPN rules (tunnels) that use IKE SAs.

 


ZyWALL 2WG User’s Guide