ZyXEL Communications USG 2000 manual 459

DESCRIPTION

Click this button to display a greater or lesser number of

configuration fields.

Type the name used to identify this VPN gateway. You may use 1-31

alphanumeric characters, underscores(_), or dashes (-), but the first

character cannot be a number. This value is case-sensitive.

Select how the IP address of the ZyWALL in the IKE SA is defined.

If you select Interface, select the Ethernet interface, VLAN

interface, virtual Ethernet interface, virtual VLAN interface, PPPoE/

PPTP interface, or auxiliary interface. The IP address of the ZyWALL

in the IKE SA is the IP address of the interface.

If you select Domain Name / IP, enter the domain name or the IP

address of the ZyWALL. The IP address of the ZyWALL in the IKE SA

is the specified IP address or the IP address corresponding to the

domain name. 0.0.0.0 is invalid.

Select how the IP address of the remote IPSec router in the IKE SA is

defined.

Select Static Address to enter the domain name or the IP address

of the remote IPSec router. You can provide a second IP address or

domain name for the ZyWALL to try if it cannot establish an IKE SA

with the first one.

Fall back to Primary Peer Gateway when possible: When

you select this, if the connection to the primary address goes

down and the ZyWALL changes to using the secondary

connection, the ZyWALL will reconnect to the primary address

when it becomes available again and stop using the secondary

connection. Users will lose their VPN connection briefly while the

ZyWALL changes back to the primary connection. To use this, the

peer device at the secondary address cannot be set to use a

nailed-up VPN connection. In the Fallback Check Interval field,

set how often to check if the primary address is available.

Select Dynamic Address if the remote IPSec router has a dynamic

IP address (and does not use DDNS).

Note: The ZyWALL and remote IPSec router must use the

same authentication method to establish the IKE SA.