ZyXEL Communications ZyXEL NBG420N User Manual page 177

Table 64 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL
Local Content
Secure Gateway
Address
Peer ID Type
Peer Content
NBG420N User's Guide
DESCRIPTION
When you select IP in the Local ID Type field, type the IP address of your
computer in the Local Content field. The NBG420N automatically uses the IP
address in the My IP Address field (refer to the My IP Address field
description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the Local
Content field or use the Domain Name or E-mail ID type in the following
situations.
• When there is a NAT router between the two IPSec routers.
• When you want the remote IPSec router to be able to distinguish between
VPN connection requests that come in from IPSec routers with dynamic
WAN IP addresses.
When you select Domain Name or E-mail in the Local ID Type field, type a
domain name or e-mail address by which to identify this NBG420N in the Local
Content field. Use up to 31 ASCII characters including spaces, although trailing
spaces are truncated. The domain name or e-mail address is for identification
purposes only and can be any string.
Type the WAN IP address or the domain name (up to 31 characters) of the
IPSec router with which you're making the VPN connection. Set this field to
0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec
Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address
field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between
rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address
field and the LAN's full IP address range as the local IP address, then you
cannot configure any other active rules with the Secure Gateway Address field
set to 0.0.0.0.
Note: You can also enter a remote secure gateway's domain
name in the Secure Gateway Address field if the remote
secure gateway has a dynamic WAN IP address and is
using DDNS. The NBG420N has to rebuild the VPN tunnel
each time the remote secure gateway's WAN IP address
changes (there may be a delay until the DDNS servers are
updated with the remote gateway's new WAN IP address).
Select IP to identify the remote IPSec router by its IP address.
Select Domain Name to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.
The configuration of the peer content depends on the peer ID type.
For IP, type the IP address of the computer with which you will make the VPN
connection. If you configure this field to 0.0.0.0 or leave it blank, the NBG420N
will use the address in the Secure Gateway Address field (refer to the Secure
Gateway Address field description).
For Domain Name or E-mail, type a domain name or e-mail address by which
to identify the remote IPSec router. Use up to 31 ASCII characters including
spaces, although trailing spaces are truncated. The domain name or e-mail
address is for identification purposes only and can be any string.
It is recommended that you type an IP address other than 0.0.0.0 or use the
Domain Name or E-mail ID type in the following situations:
• When there is a NAT router between the two IPSec routers.
• When you want the NBG420N to distinguish between VPN connection
requests that come in from remote IPSec routers with dynamic WAN IP
addresses.
Chapter 15 IPSec VPN
177