Table 54 Security > VPN > Rule Setup: Manual (continued)

| LABEL | DESCRIPTION |
|---|---|
| Remote Address End /Mask | When the remote IP address is a single address, type it a second time here. When the remote IP address is a range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the remote IP address is a subnet address, enter a subnet mask on the network behind the remote IPSec router. |
| Remote Port Start | 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
| Remote Port End | Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Port Start is left at 0, Remote Port End will also remain at 0. |
| My IP Address | Enter the ZyXEL Device's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The ZyXEL Device uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the ZyXEL Device uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. Otherwise, you can enter one of the dynamic domain names that you have configured (in the DDNS screen) to have the ZyXEL Device use that dynamic domain name's IP address. The VPN tunnel has to be rebuilt if My IP Address changes after setup. |
| Secure Gateway Address | Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE). In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules. If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN's full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0. Note: You can also enter a remote secure gateway's domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway's WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). |
| SPI | Type a unique SPI (Security Parameter Index) from one to four characters long. Valid characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9". |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the |
| Enable Replay Detection | As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Select YES from the enable replay detection, or select NO to disable it. |

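The field constraints in the table above, checked over a small rule set, as an added example that is not from the manual or the ZyXEL firmware. The dictionary keys, the `local_start`/`local_end` fields and the reading of a Remote Port End of 0 as "no range defined" are assumptions; the sample rules are constructed.

```python
import ipaddress
import re

ANY = "0.0.0.0"  # Secure Gateway Address value for a peer with a dynamic WAN IP

def check_rule(r):
    """Problems in one rule, following the field descriptions in the table."""
    out = []
    if r["secure_gateway"] == ANY and r["keying_mode"] != "IKE":
        out.append("gateway 0.0.0.0 requires IKE keying mode")
    if r["keying_mode"] == "Manual" and not re.fullmatch(r"[0-9]{1,4}", r["spi"]):
        out.append("SPI must be 1 to 4 digits")
    start, end = r["remote_port_start"], r["remote_port_end"]
    if not (0 <= start <= 65535 and 0 <= end <= 65535):
        out.append("ports must be 0 to 65535")
    elif start == 0 and end != 0:
        out.append("Remote Port End stays 0 when Remote Port Start is 0")
    elif end != 0 and end <= start:  # assumption: end 0 means no range defined
        out.append("Remote Port End must be greater than Remote Port Start")
    return out

def span(r):  # local range as integers; these field names are hypothetical
    return tuple(int(ipaddress.IPv4Address(r[k])) for k in ("local_start", "local_end"))

def check_rules(rules):
    """Per-rule problems plus the overlap rule for active 0.0.0.0 gateways."""
    problems = {r["name"]: check_rule(r) for r in rules}
    dynamic = [r for r in rules if r["active"] and r["secure_gateway"] == ANY]
    for i, a in enumerate(dynamic):
        for b in dynamic[i + 1:]:
            (a0, a1), (b0, b1) = span(a), span(b)
            if a0 <= b1 and b0 <= a1:  # closed intervals intersect
                problems[a["name"]].append("local range overlaps " + b["name"])
                problems[b["name"]].append("local range overlaps " + a["name"])
    return problems

def rule(name, mode, gw, lo, hi, spi="", ports=(0, 0), active=True):
    return {"name": name, "keying_mode": mode, "secure_gateway": gw,
            "local_start": lo, "local_end": hi, "spi": spi, "active": active,
            "remote_port_start": ports[0], "remote_port_end": ports[1]}

# Constructed sample rules (not taken from the manual).
RULES = [
    rule("branch-a", "IKE", ANY, "192.168.1.1", "192.168.1.100"),
    rule("branch-b", "IKE", ANY, "192.168.1.50", "192.168.1.254", ports=(80, 21)),
    rule("hq", "Manual", "203.0.113.10", "192.168.1.1", "192.168.1.254", spi="12a4"),
    rule("lab", "Manual", ANY, "192.168.2.1", "192.168.2.254", spi="2002", active=False),
]
for name, issues in check_rules(RULES).items():
    print(name, issues or "ok")
```
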
Chapter 13 IPSec VPN | 163 |