Table 54 Security > VPN > Rule Setup: Manual (continued)
LABEL | DESCRIPTION |
DNS Server (for IPSec VPN) | If there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL Device's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names. |
Local Policy | Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same configured local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules. If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN’s full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0. |
Local Address | For a single IP address, enter a (static) IP address on the LAN behind your ZyXEL Device. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on your LAN behind your ZyXEL Device. To specify IP addresses on a network by their subnet mask, enter a (static) IP address on the LAN behind your ZyXEL Device. |
Local Address End /Mask | When the local IP address is a single address, type it a second time here. When the local IP address is a range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device. When the local IP address is a subnet address, enter a subnet mask on the LAN behind your ZyXEL Device. |
Local Port Start | 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
Local Port End | Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Local Port Start is left at 0, Local Port End will also remain at 0. |
Remote Policy | Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
Remote Address | For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. To specify IP addresses on a network by their subnet mask, enter a (static) IP address on the network behind the remote IPSec router. |
|
162 | Chapter 13 IPSec VPN |
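The Local Policy and Remote Policy constraints above can be checked against a planned rule set before it is entered. The following is an added example, not ZyXEL code: the `Rule` model, its field names, the helper functions and the sample rules are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP, IPv4Network
from itertools import combinations
from typing import Optional

ANY_GATEWAY = IP("0.0.0.0")  # Secure Gateway Address value 0.0.0.0

@dataclass(frozen=True)
class Rule:  # hypothetical model of one manual VPN rule
    name: str
    active: bool
    gateway: IP
    local: tuple                    # inclusive (start, end) addresses
    remote: Optional[tuple] = None  # does not apply when gateway is 0.0.0.0

def span(start, end=None):
    """Single address (entered twice in the form) or start/end range."""
    s = IP(start)
    e = IP(end) if end else s
    if e < s:
        raise ValueError("range end is below range start")
    return (s, e)

def subnet(addr, mask):
    """Address plus subnet mask, expanded to the range it covers."""
    net = IPv4Network(f"{addr}/{mask}", strict=False)
    return (net.network_address, net.broadcast_address)

def conflicts(rules):
    """Return (rule, rule, reason) for each pair of active rules that clash."""
    found = []
    for a, b in combinations([r for r in rules if r.active], 2):
        dyn = (a.gateway == ANY_GATEWAY, b.gateway == ANY_GATEWAY)
        if all(dyn):  # both 0.0.0.0: local ranges must not overlap
            if a.local[0] <= b.local[1] and b.local[0] <= a.local[1]:
                found.append((a.name, b.name, "overlapping local ranges"))
        elif not any(dyn) and a.local == b.local and a.remote == b.remote:
            found.append((a.name, b.name, "same local and remote"))
    return found

LAN = subnet("192.168.1.0", "255.255.255.0")
SAMPLE_RULES = [  # constructed sample data
    Rule("branch-a", True, IP("203.0.113.10"), LAN, subnet("10.1.0.0", "255.255.255.0")),
    Rule("branch-a-dup", True, IP("203.0.113.20"), LAN, subnet("10.1.0.0", "255.255.255.0")),
    Rule("branch-b", True, IP("203.0.113.30"), LAN, subnet("10.2.0.0", "255.255.255.0")),
    Rule("road-1", True, ANY_GATEWAY, span("192.168.1.10", "192.168.1.20")),
    Rule("road-2", True, ANY_GATEWAY, span("192.168.1.20", "192.168.1.30")),
    Rule("road-3", False, ANY_GATEWAY, span("192.168.1.10", "192.168.1.20")),
]

if __name__ == "__main__":
    for first, second, reason in conflicts(SAMPLE_RULES):
        print(f"{first} / {second}: {reason}")
```

The inactive rule `road-3` is ignored, matching the table's allowance for multiple SAs between the same addresses as long as only one is active.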