P-334U/P-335U User’s Guide

Table 52 Security > VPN > Rule Setup: IKE (Basic) (continued)

| LABEL | DESCRIPTION |
|---|---|
| Secure Gateway Address | Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE). |
| | In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules. |
| | If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN’s full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0. |
| | Note: You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address). |
| Peer ID Type | Select IP to identify the remote IPSec router by its IP address. |
| | Select DNS to identify the remote IPSec router by a domain name. |
| | Select E-mail to identify the remote IPSec router by an e-mail address. |
| Peer Content | The configuration of the peer content depends on the peer ID type. |
| | For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL Device will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description). |
| | For Domain Name or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. |
| | It is recommended that you type an IP address other than 0.0.0.0 or use the Domain Name or E-mail ID type in the following situations: |
| | • When there is a NAT router between the two IPSec routers. |
| | • When you want the ZyXEL Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. |
| IPSec Algorithm | |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the drop-down list box. |
| IPSec Protocol | Select the security protocols used for an SA. |
| | Both AH and ESP increase processing requirements and communications latency (delay). |
| | If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below). |
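The Secure Gateway Address and Peer Content constraints above can be checked offline before rules are entered on the device. The following is an added example, not part of the User's Guide or any ZyXEL tool; the `rule()` record layout, the finding names and the sample rules are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

DYNAMIC = "0.0.0.0"  # Secure Gateway Address value for a dynamic-IP peer

def rule(name, active, gateway, local, id_type, content):
    """Build a rule record; field names are hypothetical, not a device export format."""
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in local)
    return dict(name=name, active=active, gateway=gateway, lo=lo, hi=hi,
                id_type=id_type, content=content.rstrip(" "))  # trailing spaces are truncated

def audit_rules(rules):
    """Return findings for the constraints stated in the table above."""
    findings = []
    active = [r for r in rules if r["active"]]
    dynamic = [r for r in active if r["gateway"] == DYNAMIC]
    # Active 0.0.0.0 rules must not have overlapping local IP ranges.
    for a, b in combinations(dynamic, 2):
        if a["lo"] <= b["hi"] and b["lo"] <= a["hi"]:
            findings.append(("overlap", a["name"], b["name"]))
    for r in active:
        if r["id_type"] == "IP":
            # Blank or 0.0.0.0 falls back to the gateway address; if that is also
            # 0.0.0.0 the rule cannot distinguish between dynamic-IP peers.
            if r["content"] in ("", DYNAMIC) and r["gateway"] == DYNAMIC:
                findings.append(("peer-not-distinguished", r["name"]))
        elif len(r["content"]) > 31 or not r["content"].isascii():
            # DNS / E-mail content: up to 31 ASCII characters.
            findings.append(("peer-content-invalid", r["name"]))
    return findings

# Constructed sample rules (addresses from private and documentation ranges).
RULES = [
    rule("branch-a", True, DYNAMIC, ("192.168.1.1", "192.168.1.100"), "E-mail", "branch-a@example.com"),
    rule("branch-b", True, DYNAMIC, ("192.168.1.50", "192.168.1.200"), "IP", ""),
    rule("hq", True, "203.0.113.10", ("192.168.1.1", "192.168.1.254"), "IP", ""),
    rule("old", False, DYNAMIC, ("192.168.1.1", "192.168.1.254"), "IP", "0.0.0.0"),
]

if __name__ == "__main__":
    for finding in audit_rules(RULES):
        print(finding)
```

Inactive rules and rules with a static gateway address are not subject to the overlap check, which is why only `branch-a` and `branch-b` are reported.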

 

 


Chapter 13 IPSec VPN