Chapter 18 VPN Screens
Table 96 Edit VPN Policies
LABEL | DESCRIPTION |
IPSec Key Mode | Select IKE or Manual from the |
| so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using IKE key management. |
Negotiation Mode | Select Main or Aggressive from the |
| through a secure gateway must have the same negotiation mode. |
Encapsulation Mode | Select Tunnel mode or Transport mode from the |
DNS Server (for IPSec VPN) | If there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL Device's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names. |
Local | Specify the IP addresses of the devices behind the ZyXEL Device that can use the VPN tunnel. The local IP addresses must correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
Local Address Type | Use the |
| a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. |
IP Address Start | When the Local Address Type field is configured to Single, enter a (static) IP address on the LAN behind your ZyXEL Device. When the Local Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a (static) IP address on the LAN behind your ZyXEL Device. |
End / Subnet Mask | When the Local Address Type field is configured to Single, this field is N/A. When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a subnet mask on the LAN behind your ZyXEL Device. |
Remote | Specify the IP addresses of the devices behind the remote IPSec router that can use the VPN tunnel. The remote IP addresses must correspond to the remote IPSec router's configured local IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
Remote Address Type | Use the |
| with a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. |
IP Address Start | When the Remote Address Type field is configured to Single, enter a (static) IP address on the network behind the remote IPSec router. When the Remote Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Remote Address Type field is configured to Subnet, enter a (static) IP address on the network behind the remote IPSec router. |
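As an added example (not from the ZyXEL manual or firmware), this Python sketch checks the two rules the Local and Remote rows state: no two active policies may share both local and remote addresses, and each policy's local/remote pair must be mirrored on the peer. The policy names, addresses and function names are constructed; treating a Range and a Subnet that cover the same addresses as equal is an assumption of the sketch.

```python
import ipaddress
from itertools import combinations

def selector(addr_type, start, end_or_mask=None):
    """Normalise a Single/Range/Subnet entry to an inclusive (first, last) pair."""
    if addr_type == "Single":
        ip = ipaddress.IPv4Address(start)
        return (ip, ip)
    if addr_type == "Range":
        first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end_or_mask)
        if first > last:
            raise ValueError("range start is above range end")
        return (first, last)
    if addr_type == "Subnet":
        # strict=False: the start field may be any address inside the subnet
        net = ipaddress.IPv4Network(f"{start}/{end_or_mask}", strict=False)
        return (net.network_address, net.broadcast_address)
    raise ValueError(f"unknown address type: {addr_type}")

def policy(name, active, local, remote):
    return {"name": name, "active": active,
            "local": selector(*local), "remote": selector(*remote)}

def duplicate_active_selectors(policies):
    """Name pairs of active policies whose local AND remote are both the same."""
    active = [p for p in policies if p["active"]]
    return [(a["name"], b["name"]) for a, b in combinations(active, 2)
            if a["local"] == b["local"] and a["remote"] == b["remote"]]

def mirror_mismatches(ours, peers):
    """Names of our policies with no peer policy whose local/remote are swapped."""
    mirrored = {(p["remote"], p["local"]) for p in peers}
    return [p["name"] for p in ours if (p["local"], p["remote"]) not in mirrored]

# Constructed sample policies for two sites (assumed values, not from the manual).
SITE_A = [
    policy("hq-branch", True, ("Subnet", "192.168.1.1", "255.255.255.0"),
           ("Subnet", "10.0.0.0", "255.255.255.0")),
    policy("hq-branch-backup", True, ("Range", "192.168.1.0", "192.168.1.255"),
           ("Subnet", "10.0.0.1", "255.255.255.0")),
    policy("hq-lab", False, ("Single", "192.168.1.33"), ("Single", "10.0.5.9")),
]
SITE_B = [
    policy("branch-hq", True, ("Subnet", "10.0.0.0", "255.255.255.0"),
           ("Subnet", "192.168.1.0", "255.255.255.0")),
    policy("branch-lab", False, ("Single", "10.0.5.9"), ("Single", "192.168.2.33")),
]

if __name__ == "__main__":
    print("active duplicates:", duplicate_active_selectors(SITE_A))
    print("no mirror on peer:", mirror_mismatches(SITE_A, SITE_B))
```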