|
|
|
| Table 87 Edit VPN Policies | |
|
|
|
| LABEL | DESCRIPTION |
|
|
|
| Peer ID Type | Select IP to identify the remote IPSec router by its IP address. |
|
| Select DNS to identify the remote IPSec router by a domain name. |
|
| Select |
| Content | The configuration of the peer content depends on the peer ID type. |
|
| For IP, type the IP address of the computer with which you will make the VPN |
|
| connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL |
|
| Device will use the address in the Secure Gateway Address field (refer to the |
|
| Secure Gateway Address field description). |
|
| For DNS or |
|
| remote IPSec router. Use up to 31 ASCII characters including spaces, although |
|
| trailing spaces are truncated. The domain name or |
|
| identification purposes only and can be any string. |
|
| It is recommended that you type an IP address other than 0.0.0.0 or use the DNS |
|
| or |
|
| When there is a NAT router between the two IPSec routers. |
|
| When you want the ZyXEL Device to distinguish between VPN connection |
|
| requests that come in from remote IPSec routers with dynamic WAN IP |
|
| addresses. |
| Secure Gateway | Type the WAN IP address or the URL (up to 31 characters) of the IPSec router |
| Address | with which you're making the VPN connection. Set this field to 0.0.0.0 if the |
|
| remote IPSec router has a dynamic WAN IP address (the Key Management field |
|
| must be set to IKE). |
|
| In order to have more than one active rule with the Secure Gateway Address |
|
| field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between |
|
| rules. |
|
| If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field |
|
| and the LAN’s full IP address range as the local IP address, then you cannot |
|
| configure any other active rules with the Secure Gateway Address field set to |
|
| 0.0.0.0. |
| Security Protocol |
|
|
|
|
| VPN Protocol | Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP |
|
| protocol (RFC 2406) provides encryption as well as some of the services offered |
|
| by AH. If you select ESP here, you must select options from the Encryption |
|
| Algorithm and Authentication Algorithm fields (described below). |
| Type your | |
|
| communicating party during a phase 1 IKE negotiation. It is called |
|
| because you have to share it with another party before you can communicate with |
|
| them over a secure connection. |
|
| Type from 8 to 31 |
|
| |
|
| x), which is not counted as part of the 16 to 62 character range for the key. For |
|
| example, in "0x0123456789ABCDEF", “0x” denotes that the key is hexadecimal |
|
| and “0123456789ABCDEF” is the key itself. |
|
| Both ends of the VPN tunnel must use the same |
|
| a “PYLD_MALFORMED” (payload malformed) packet if the same |
|
| is not used on both ends. |
Chapter 17 VPN Screens | 233 |
