ZyXEL Communications P-334U User Manual

Page 152


P-334U/P-335U User’s Guide


Chapter 13 IPSec VPN

Secure Gateway Address

Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE).

In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules.

If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN’s full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0.

Note: You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address).

Peer ID Type

Select IP to identify the remote IPSec router by its IP address.

Select DNS to identify the remote IPSec router by a domain name.

Select E-mail to identify the remote IPSec router by an e-mail address.

Peer Content

The configuration of the peer content depends on the peer ID type.

For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL Device will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).

For Domain Name or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.

It is recommended that you type an IP address other than 0.0.0.0 or use the Domain Name or E-mail ID type in the following situations:

When there is a NAT router between the two IPSec routers.

When you want the ZyXEL Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses.
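
The Secure Gateway Address and Peer Content rules described above can be checked against a planned rule set before it is entered on the device. The following is an added example, not part of the ZyXEL manual or firmware: a Python audit of a constructed rule set, where the dictionary field names, the (start, end) form of the local range and all sample values are assumptions.

```python
from ipaddress import ip_address
from itertools import combinations

WILDCARD = "0.0.0.0"  # manual: remote IPSec router has a dynamic WAN IP address
MAX_LEN = 31          # manual: limit for the domain name / peer content fields

def overlaps(a, b):
    """True if two inclusive (start, end) IPv4 ranges share any address."""
    a_lo, a_hi = (int(ip_address(x)) for x in a)
    b_lo, b_hi = (int(ip_address(x)) for x in b)
    return a_lo <= b_hi and b_lo <= a_hi

def audit_rules(rules):
    """Return [(rule_names, finding)] for active rules; field names are assumptions."""
    findings, dynamic = [], []
    for r in rules:
        if not r["active"]:
            continue
        if len(r["gateway"]) > MAX_LEN or len(r["peer_content"]) > MAX_LEN:
            findings.append(((r["name"],), "field exceeds 31 characters"))
        if r["gateway"] != WILDCARD:
            continue
        dynamic.append(r)
        if r["keying"] != "IKE":
            findings.append(((r["name"],), "0.0.0.0 gateway requires IKE keying mode"))
        # Peer ID type IP with 0.0.0.0 or blank content falls back to the gateway
        # field, so requests from dynamic peers cannot be told apart.
        if r["peer_id_type"] == "IP" and r["peer_content"] in ("", WILDCARD):
            findings.append(((r["name"],), "use a specific IP, DNS or E-mail peer ID"))
    # Active rules with a 0.0.0.0 gateway must not share local addresses.
    for a, b in combinations(dynamic, 2):
        if overlaps(a["local"], b["local"]):
            findings.append(((a["name"], b["name"]), "local IP ranges overlap"))
    return findings

# Constructed sample rule set (not taken from a real device).
RULES = [
    {"name": "branch-a", "active": True, "gateway": "0.0.0.0", "keying": "IKE",
     "local": ("192.168.1.1", "192.168.1.100"),
     "peer_id_type": "DNS", "peer_content": "branch-a.example"},
    {"name": "branch-b", "active": True, "gateway": "0.0.0.0", "keying": "IKE",
     "local": ("192.168.1.50", "192.168.1.150"),
     "peer_id_type": "IP", "peer_content": ""},
    {"name": "hq", "active": True, "gateway": "vpn.example.net", "keying": "IKE",
     "local": ("192.168.1.1", "192.168.1.254"),
     "peer_id_type": "IP", "peer_content": "0.0.0.0"},
]

if __name__ == "__main__":
    for names, finding in audit_rules(RULES):
        print(", ".join(names), "->", finding)
```

The "hq" rule produces no finding because its gateway is a fixed name, so neither the overlap restriction nor the peer ID recommendation for dynamic peers applies to it.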

IPSec Algorithm

Encapsulation Mode

Select Tunnel mode or Transport mode from the drop-down list box.

IPSec Protocol

Select the security protocols used for an SA.

Both AH and ESP increase processing requirements and communications latency (delay).

If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below).

Table 52 Security > VPN > Rule Setup: IKE (Basic) (continued)

LABEL

DESCRIPTION
