Chapter 21 IPSec
Table 88 IPSec Settings > Add/Edit: Manual
LABEL | DESCRIPTION |
Tunnel access | Specify the IP addresses of the devices behind the ZyXEL Device that |
from local IP | can use the VPN tunnel. The local IP addresses must correspond to the |
addresses | remote IPSec router's configured remote IP addresses. |
| Two active SAs cannot have the local and remote IP address(es) both |
| the same. Two active SAs can have the same local or remote IP |
| address, but not both. You can configure multiple SAs between the |
| same local and remote IP addresses, as long as only one is active at |
| any time. |
| Use the |
| Select Single Address for a single IP address. Select Subnet to |
| specify IP addresses on a network by their subnet mask. |
|
|
IP Address | When the local IP address type is configured to Single Address, enter |
for VPN | a (static) IP address on the LAN behind your ZyXEL Device. |
| When the local IP address type is configured to Subnet, enter a |
| (static) IP address on the LAN behind your ZyXEL Device. |
|
|
IP | When the local IP address type is configured to Single Address, this |
Subnetmask | field is not available. |
| When the local IP address type is configured to Subnet, enter a subnet |
| mask on the LAN behind your ZyXEL Device. |
|
|
Tunnel access | Specify the IP addresses of the devices behind the remote IPSec router |
from remote IP | that can use the VPN tunnel. The remote IP addresses must correspond |
addresses | to the remote IPSec router's configured local IP addresses. |
| Two active SAs cannot have the local and remote IP address(es) both |
| the same. Two active SAs can have the same local or remote IP |
| address, but not both. You can configure multiple SAs between the |
| same local and remote IP addresses, as long as only one is active at |
| any time. |
| Use the |
| Select Single Address with a single IP address. Select Subnet to |
| specify IP addresses on a network by their subnet mask. |
|
|
IP Address | When the remote IP address type is configured to Single Address, |
for VPN | enter a (static) IP address on the network behind the remote IPSec |
| router. |
| When the remote IP address type is configured to Subnet, enter a |
| (static) IP address on the network behind the remote IPSec router. |
|
|
IP | When the remote IP address type is configured to Single Address, |
Subnetmask | this field is not available. |
| When the remote IP address type is configured to Subnet, enter a |
| subnet mask on the network behind the remote IPSec router. |
|
|
Protocol | This field displays ESP and the ZyXEL Device uses ESP (Encapsulation |
| Security Payload) for VPN. The ESP protocol (RFC 2406) provides |
| encryption as well as some of the services offered by AH. |
|
|
Key Exchange | Select Auto(IKE) or Manual from the |
Method | provides more protection so it is generally recommended. Manual is a |
| useful option for troubleshooting if you have problems using |
| Auto(IKE) key management. |
|
|
| 255 |
|
|