Table 53 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL | DESCRIPTION |
Local Address | For a single IP address, enter a (static) IP address on the LAN behind your |
| ZyXEL Device. |
| For a specific range of IP addresses, enter the beginning (static) IP address, in |
| a range of computers on your LAN behind your ZyXEL Device. |
| To specify IP addresses on a network by their subnet mask, enter a (static) IP |
| address on the LAN behind your ZyXEL Device. |
|
|
Local Address End / | When the local IP address is a single address, type it a second time here. |
Mask | When the local IP address is a range, enter the end (static) IP address, in a |
| range of computers on the LAN behind your ZyXEL Device. |
| When the local IP address is a subnet address, enter a subnet mask on the |
| LAN behind your ZyXEL Device. |
|
|
Local Port Start | 0 is the default and signifies any port. Type a port number from 0 to 65535. |
| Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, |
| HTTP; 25, SMTP; 110, POP3. |
|
|
Local Port End | Enter a port number in this field to define a port range. This port number must |
| be greater than that specified in the previous field. If Local Port Start is left at |
| 0, Local Port End will also remain at 0. |
|
|
Remote Policy | Remote IP addresses must be static and correspond to the remote IPSec |
| router's configured local IP addresses. The remote fields do not apply when the |
| Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the |
| remote IPSec router can initiate the VPN. |
| Two active SAs cannot have the local and remote IP address(es) both the |
| same. Two active SAs can have the same local or remote IP address, but not |
| both. You can configure multiple SAs between the same local and remote IP |
| addresses, as long as only one is active at any time. |
|
|
Remote Address | For a single IP address, enter a (static) IP address on the network behind the |
| remote IPSec router. |
| For a specific range of IP addresses, enter the beginning (static) IP address, in |
| a range of computers on the network behind the remote IPSec router. |
| To specify IP addresses on a network by their subnet mask, enter a (static) IP |
| address on the network behind the remote IPSec router. |
|
|
Remote Address | When the remote IP address is a single address, type it a second time here. |
End /Mask | When the remote IP address is a range, enter the end (static) IP address, in a |
| range of computers on the network behind the remote IPSec router. |
| When the remote IP address is a subnet address, enter a subnet mask on the |
| network behind the remote IPSec router. |
|
|
Remote Port Start | 0 is the default and signifies any port. Type a port number from 0 to 65535. |
| Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, |
| HTTP; 25, SMTP; 110, POP3. |
|
|
Remote Port End | Enter a port number in this field to define a port range. This port number must |
| be greater than that specified in the previous field. If Remote Port Start is left at |
| 0, Remote Port End will also remain at 0. |
|
|
Authentication |
|
Method |
|
|
|
156 | Chapter 13 IPSec VPN |