ZyXEL Communications 10 User Manual
Page 364
ZyWALL 10~100 Series Internet Security Gateway
29-6
VPN/IPSec
Setup
Table 29-5 Mismatching ID Type and Content Configuration Example
ZYWALL A
ZYWALL B
Local ID type: IP
Local ID type: IP
Local ID content: N/A
Local ID content: N/A
Local IP address: 1.1.1.1
Local IP address: 1.1.1.2
Peer ID type: E-mail
Peer ID type: IP
Peer ID content: [email protected]
Peer ID content: N/A
Peer IP address: 1.1.1.2
Peer IP address: 1.1.1.1
29.3.3 My IP Address
My IP Addr is the WAN IP address of the ZyWALL. If this field is configured as 0.0.0.0, then the ZyWALL
will use the current ZyWALL WAN IP address (static or dynamic) to set up the VPN tunnel. The ZyWALL
has to rebuild the VPN tunnel if the My IP Addr changes after setup.
29.3.4 Secure Gateway Address
Secure Gateway Addr is the WAN IP address or domain name of the remote IPSec router (secure gateway).
If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Addr field. You
may alternatively enter the remote secure gateway’s domain name (if it has one) in the Secure Gateway
Addr field.
You can also enter a remote secure gateway’s domain name in the Secure Gateway Addr field if the remote
secure gateway has a dynamic WAN IP address and is using DDNS. The ZyWALL has to rebuild the VPN
tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the
DDNS servers are updated with the remote gateway’s new WAN IP address).
If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 in the
Secure Gateway Addr field. In this case only the remote secure gateway can initiate SAs. This may be
useful for telecommuters initiating a VPN tunnel to the company network. See the following table for an
example configuration.
You can configure multiple SAs to simultaneously connect through the same secure gateway. In this case,
you must configure the SAs to have the same Negotiation Mode and Pre-Shared Key (Menu 27.1.1.1 IKE
Setup).