ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

ZyWALL 2 Series User’s Guide

14-20

VPN Screens

Table 14-7 Basic IKE VPN Rule Edit

LABEL

DESCRIPTION

My IP Address

Enter the WAN IP address of your ZyWALL. The VPN tunnel has to be rebuilt if this IP
address changes.

The following applies if this field is configured as 0.0.0.0:

The ZyWALL uses the current ZyWALL WAN IP address (static or dynamic) to set up
the VPN tunnel.

If the WAN connection goes down, the ZyWALL uses the dial backup IP address for
the VPN tunnel when using dial backup or the LAN IP address when using traffic
redirect. See the chapter on WAN for details on dial backup and traffic redirect.

Secure Gateway
Address

Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which
you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has
a dynamic WAN IP address (the Key Management (or IPSec Keying Mode) field must be
set to IKE).

In order to have more than one active rule with the Secure Gateway Address field set to
0.0.0.0, the ranges of the local IP addresses cannot overlap between rules.

If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the
LAN’s full IP address range as the local IP address, then you cannot configure any other
active rules with the Secure Gateway Address field set to 0.0.0.0.

Encapsulation
Mode

Select Tunnel mode or Transport mode from the drop-down list box.

ESP

Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol
(RFC 2406) provides encryption as well as some of the services offered by AH. If you
select ESP here, you must select options from the Encryption Algorithm and
Authentication Algorithm fields (described below).