|
| |
| Table 53 Security > VPN > Rule Setup: IKE (Advanced) (continued) | |
| LABEL | DESCRIPTION |
| My IP Address | Enter the ZyXEL Device's static WAN IP address (if it has one) or leave the field |
|
| set to 0.0.0.0. |
|
| The ZyXEL Device uses its current WAN IP address (static or dynamic) in |
|
| setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN |
|
| connection goes down, the ZyXEL Device uses the dial backup IP address for |
|
| the VPN tunnel when using dial backup or the LAN IP address when using |
|
| traffic redirect. |
|
| Otherwise, you can enter one of the dynamic domain names that you have |
|
| configured (in the DDNS screen) to have the ZyXEL Device use that dynamic |
|
| domain name's IP address. |
|
| The VPN tunnel has to be rebuilt if My IP Address changes after setup. |
|
|
|
| Local ID Type | Select IP to identify this ZyXEL Device by its IP address. |
|
| Select DNS to identify this ZyXEL Device by a domain name. |
|
| Select |
|
|
|
| Local Content | When you select IP in the Local ID Type field, type the IP address of your |
|
| computer in the Local Content field. The ZyXEL Device automatically uses the |
|
| IP address in the My IP Address field (refer to the My IP Address field |
|
| description) if you configure the Local Content field to 0.0.0.0 or leave it blank. |
|
| It is recommended that you type an IP address other than 0.0.0.0 in the Local |
|
| Content field or use the Domain Name or |
|
| situations. |
|
| • When there is a NAT router between the two IPSec routers. |
|
| • When you want the remote IPSec router to be able to distinguish between |
|
| VPN connection requests that come in from IPSec routers with dynamic |
|
| WAN IP addresses. |
|
| When you select Domain Name or |
|
| domain name or |
|
| Local Content field. Use up to 31 ASCII characters including spaces, although |
|
| trailing spaces are truncated. The domain name or |
|
| identification purposes only and can be any string. |
|
|
|
| Secure Gateway | Type the WAN IP address or the domain name (up to 31 characters) of the |
| Address | IPSec router with which you're making the VPN connection. Set this field to |
|
| 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec |
|
| Keying Mode field must be set to IKE). |
|
| In order to have more than one active rule with the Secure Gateway Address |
|
| field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between |
|
| rules. |
|
| If you configure an active rule with 0.0.0.0 in the Secure Gateway Address |
|
| field and the LAN’s full IP address range as the local IP address, then you |
|
| cannot configure any other active rules with the Secure Gateway Address field |
|
| set to 0.0.0.0. |
|
| Note: You can also enter a remote secure gateway’s domain |
|
| name in the Secure Gateway Address field if the remote |
|
| secure gateway has a dynamic WAN IP address and is |
|
| using DDNS. The ZyXEL Device has to rebuild the VPN |
|
| tunnel each time the remote secure gateway’s WAN IP |
|
| address changes (there may be a delay until the DDNS |
|
| servers are updated with the remote gateway’s new WAN |
|
| IP address). |
|
|
|
| Peer ID Type | Select IP to identify the remote IPSec router by its IP address. |
|
| Select DNS to identify the remote IPSec router by a domain name. |
|
| Select |
|
|
|
Chapter 13 IPSec VPN | 157 |