Chapter 25 IPSec VPN

Each field is described in the following table.

Table 121 Configuration > VPN > IPSec VPN > VPN Gateway > Edit

LABEL

DESCRIPTION

Show Advance

Click this button to display a greater or lesser number of

Settings / Hide

configuration fields.

Advance Settings

 

 

 

General Settings

 

 

 

VPN Gateway

Type the name used to identify this VPN gateway. You may use 1-31

Name

alphanumeric characters, underscores(_), or dashes (-), but the first

 

character cannot be a number. This value is case-sensitive.

 

 

Gateway Settings

 

 

 

My Address

Select how the IP address of the ZyWALL in the IKE SA is defined.

 

If you select Interface, select the Ethernet interface, VLAN

 

interface, virtual Ethernet interface, virtual VLAN interface, PPPoE/

 

PPTP interface, or auxiliary interface. The IP address of the ZyWALL

 

in the IKE SA is the IP address of the interface.

 

If you select Domain Name / IP, enter the domain name or the IP

 

address of the ZyWALL. The IP address of the ZyWALL in the IKE SA

 

is the specified IP address or the IP address corresponding to the

 

domain name. 0.0.0.0 is invalid.

 

 

Peer Gateway

Select how the IP address of the remote IPSec router in the IKE SA is

Address

defined.

 

Select Static Address to enter the domain name or the IP address

 

of the remote IPSec router. You can provide a second IP address or

 

domain name for the ZyWALL to try if it cannot establish an IKE SA

 

with the first one.

 

Fall back to Primary Peer Gateway when possible: When

 

you select this, if the connection to the primary address goes

 

down and the ZyWALL changes to using the secondary

 

connection, the ZyWALL will reconnect to the primary address

 

when it becomes available again and stop using the secondary

 

connection. Users will lose their VPN connection briefly while the

 

ZyWALL changes back to the primary connection. To use this, the

 

peer device at the secondary address cannot be set to use a

 

nailed-up VPN connection. In the Fallback Check Interval field,

 

set how often to check if the primary address is available.

 

Select Dynamic Address if the remote IPSec router has a dynamic

 

IP address (and does not use DDNS).

 

 

Authentication

Note: The ZyWALL and remote IPSec router must use the

 

 

same authentication method to establish the IKE SA.

 

 

 

459

ZyWALL USG 2000 User’s Guide