ZyXEL Communications P-334 User Manual

Prestige 334 User’s Guide

Chapter 15 VPN Screens

172

Remote Address End/

Mask

When the remote IP address is a single address, type it a second time here.
When the remote IP address is a range, enter the end (static) IP address, in a

range of computers on the network behind the remote IPSec router.
When the remote IP address is a subnet address, enter a subnet mask on the

network behind the remote IPSec router.

Remote Port Start

0 is the default and signifies any port. Type a port number from 0 to 65535.

Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80,

HTTP; 25, SMTP; 110, POP3

Remote Port End

Enter a port number in this field to define a port range. This port number must

be greater than that specified in the previous field (or equal to it for configuring

an individual port).

DNS Server (for IPSec

VPN)

If there is a private DNS server that services the VPN, type its IP address here.

The Prestige assigns this additional DNS server to the Prestige’s DHCP

clients that have IP addresses in this IPSec rule's range of local addresses. A

DNS server allows clients on the VPN to find other computers and servers on

the VPN by their (private) domain names.

My IP Address

Enter the WAN IP address of your Prestige. The Prestige uses its current WAN

IP address (static or dynamic) in setting up the VPN tunnel if you leave this

field as 0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes.

Local ID Type

Select IP to identify this Prestige by its IP address.

Select DNS to identify this Prestige by a domain name.

Select E-mail to identify this Prestige by an e-mail address.

Local Content

When you select IP in the Local ID Type field, type the IP address of your

computer in the local Content field. The Prestige automatically uses the IP

address in the My IP Address field (refer to the My IP Address field

description) if you configure the local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local

Content field or use the DNS or E-mail ID type in the following situations.
•

When there is a NAT router between the two IPSec routers.

•

When you want the remote IPSec router to be able to distinguish between

VPN connection requests that come in from IPSec routers with dynamic

WAN IP addresses.

When you select DNS or E-mail in the Local ID Type field, type a domain

name or e-mail address by which to identify this Prestige in the local Content

field. Use up to 31 ASCII characters including spaces, although trailing spaces

are truncated. The domain name or e-mail address is for identification

purposes only and can be any string.

Secure Gateway

Address

Type the WAN IP address or the URL (up to 31 characters) of the remote

secure gateway with which you're making the VPN connection. Set this field to

0.0.0.0 if the remote secure gateway has a dynamic WAN IP address (the

IPSec Keying Mode field must be set to IKE).

Peer ID Type

Select IP to identify the remote IPSec router by its IP address.

Select DNS to identify the remote IPSec router by a domain name.

Select E-mail to identify the remote IPSec router by an e-mail address.

Table 52 VPN IKE: Advanced

LABEL

DESCRIPTION