ZyXEL Communications 802.11g ADSL 2+ 4-Port Security Gateway HW-D Series User Manual

P-662H/HW-D Series User’s Guide

250

Chapter 16 VPN Screens

Remote

Remote IP addresses must be static and correspond to the remote IPSec router's

configured local IP addresses. The remote fields do not apply when the Secure

Gateway IP Address field is configured to 0.0.0.0. In this case only the remote

IPSec router can initiate the VPN.
Two active SAs cannot have the local and remote IP address(es) both the same.

Two active SAs can have the same local or remote IP address, but not both. You

can configure multiple SAs between the same local and remote IP addresses, as

long as only one is active at any time.

Remote Address

Type

Use the drop-down menu to choose Single, Range, or Subnet. Select Single

with a single IP address. Select Range for a specific range of IP addresses.

Select Subnet to specify IP addresses on a network by their subnet mask.

IP Address Start When the Remote Address Type field is configured to Single, enter a (static) IP

address on the network behind the remote IPSec router. When the Remote

Address Type field is configured to Range, enter the beginning (static) IP

address, in a range of computers on the network behind the remote IPSec router.

When the Remote Address Type field is configured to Subnet, enter a (static) IP

address on the network behind the remote IPSec router.

End / Subnet Mask When the Remote Address Type field is configured to Single, this field is N/A.

When the Remote Address Type field is configured to Range, enter the end

(static) IP address, in a range of computers on the network behind the remote

IPSec router. When the Remote Address Type field is configured to Subnet,

enter a subnet mask on the network behind the remote IPSec router.

Address

Information

Local ID Type This field is read only when Certificate is selected. Select IP to identify this

ZyXEL Device by its IP address.

Select DNS to identify this ZyXEL Device by a domain name.

Select E-mail to identify this ZyXEL Device by an e-mail address.

Content This field is read only when Certificate is selected. When you select IP in the

Local ID Type field, type the IP address of your computer in the local Content

field. The ZyXEL Device automatically uses the IP address in the My IP Address

field (refer to the My IP Address field description) if you configure the local

Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local

Content field or use the DNS or E-mail ID type in the following situations.
When there is a NAT router between the two IPSec routers.
When you want the remote IPSec router to be able to distinguish between VPN

connection requests that come in from IPSec routers with dynamic WAN IP

addresses.
When you select DNS or E-mail in the Local ID Type field, type a domain name

or e-mail address by which to identify this ZyXEL Device in the local Content field.

Use up to 31 ASCII characters including spaces, although trailing spaces are

truncated. The domain name or e-mail address is for identification purposes only

and can be any string.

My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be

rebuilt if this IP address changes.
The following applies if this field is configured as 0.0.0.0:
The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or

dynamic) to set up the VPN tunnel.
If the WAN connection goes down, the ZyXEL Device uses the dial backup IP

address for the VPN tunnel when using dial backup or the LAN IP address when

using traffic redirect. See the chapter on WAN for details on dial backup and traffic

redirect.

Table 94 Edit VPN Policies

LABEL

DESCRIPTION