ZyXEL Communications P-334U User Manual

P-334U/P-335U User’s Guide

Chapter 13 IPSec VPN

157

My IP Address

Enter the ZyXEL Device's static WAN IP address (if it has one) or leave the field

set to 0.0.0.0.
The ZyXEL Device uses its current WAN IP address (static or dynamic) in

setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN

connection goes down, the ZyXEL Device uses the dial backup IP address for

the VPN tunnel when using dial backup or the LAN IP address when using

traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have

configured (in the DDNS screen) to have the ZyXEL Device use that dynamic

domain name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.

Local ID Type

Select IP to identify this ZyXEL Device by its IP address.
Select DNS to identify this ZyXEL Device by a domain name.
Select E-mail to identify this ZyXEL Device by an e-mail address.

Local Content

When you select IP in the Local ID Type field, type the IP address of your

computer in the Local Content field. The ZyXEL Device automatically uses the

IP address in the My IP Address field (refer to the My IP Address field

description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the Local

Content field or use the Domain Name or E-mail ID type in the following

situations.
•

When there is a NAT router between the two IPSec routers.

•

When you want the remote IPSec router to be able to distinguish between

VPN connection requests that come in from IPSec routers with dynamic

WAN IP addresses.

When you select Domain Name or E-mail in the Local ID Type field, type a

domain name or e-mail address by which to identify this ZyXEL Device in the

Local Content field. Use up to 31 ASCII characters including spaces, although

trailing spaces are truncated. The domain name or e-mail address is for

identification purposes only and can be any string.

Secure Gateway

Address

Type the WAN IP address or the domain name (up to 31 characters) of the

IPSec router with which you're making the VPN connection. Set this field to

0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec

Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address

field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between

rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address

field and the LAN’s full IP address range as the local IP address, then you

cannot configure any other active rules with the Secure Gateway Address field

set to 0.0.0.0.

Note: You can also enter a remote secure gateway’s domain

name in the Secure Gateway Address field if the remote
secure gateway has a dynamic WAN IP address and is
using DDNS. The ZyXEL Device has to rebuild the VPN
tunnel each time the remote secure gateway’s WAN IP
address changes (there may be a delay until the DDNS
servers are updated with the remote gateway’s new WAN
IP address).

Peer ID Type

Select IP to identify the remote IPSec router by its IP address.

Select DNS to identify the remote IPSec router by a domain name.

Select E-mail to identify the remote IPSec router by an e-mail address.

Table 53 Security > VPN > Rule Setup: IKE (Advanced) (continued)

LABEL

DESCRIPTION