How Can I Keep A Tunnel Alive; Which Ip Address Types (Single, Range Or Subnet ) Does The Prestige Vpn/Ipsec Support; Does The Prestige Support Ipsec Passthrough - ZyXEL Communications P-2608HWL-D1 Support Notes

P-2608hwl series

Hide thumbs Also See for P-2608HWL-D1:

Quick start manual (8 pages)

User manual (451 pages)

Specifications (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

Table of Contents

P-2608HWL Series Support Notes

VPN client: 10.1.33.33

NAT router WAN IP: 202.132.154.2

Prestige WAN: 202.132.154.3

Since the VPN client is behind a NAT router, it must have a private IP address in most cases. This may

cause the VPN client to send its private IP address as the content of its phase 1 ID. So you have to

configure the private IP address of the VPN client as the phase 1 ID on the Prestige.

How can I keep a tunnel alive?

To keep a tunnel alive, you can select "keep alive" option when configuring your VPN tunnel. With this

option, whenever phase 2 SA lifetime is reached, the IKE negotiation procedure will be invoked

automatically even without traffic to make the connection stay up.

To reduce consuming system resource, VPN tunnels get disconnected either manually, by a idle timer, or

by device shutdown. Packet triggering is still necessary to re-establish the tunnel.

Which IP address types (Single, Range or Subnet ) does the Prestige VPN/IPSec support ?

The Prestige supports all IP address types (single, range and subnet). Thus you can specify a single PC, a

range of PCs or even a network of PCs to use the VPN/IPSec service.

Does the Prestige support IPSec passthrough?

Yes. The Prestige supports IPSec passthrough. In addition to being a VPN gateway, you can also set the

Prestige to work as a NAT router with IPSec passthrough.

If the VPN connection is initiated from a security gateway behind the Prestige, no NAT or Firewall

configuration is require.

If the VPN connection is initiated from a security gateway from the remote gateway, you must configure

NAT port forwarding and Firewall forwarding on the Prestige.

Configure NAT port forwarding in the web configurator. Click Setup > "SUA/NAT" and set the secure

gateway's IP address as the default server.

Configure Firewall forwarding in the web configurator. Click Setup > Firewall, select WAN to LAN

Packet Direction and create a firewall rule the forwards IKE(UDP:500) traffic.

Can the Prestige work as a NAT router with IPSec passthrough and an IPSec gateway at

177

Table of Contents

Troubleshooting

This manual is also suitable for:

P-2608hwl-d3

How Can I Keep A Tunnel Alive; Which Ip Address Types (Single, Range Or Subnet ) Does The Prestige Vpn/Ipsec Support; Does The Prestige Support Ipsec Passthrough - ZyXEL Communications P-2608HWL-D1 Support Notes

How can I keep a tunnel alive?

Which IP address types (Single, Range or Subnet ) does the Prestige VPN/IPSec support ?

Does the Prestige support IPSec passthrough?

Troubleshooting

Related Manuals for ZyXEL Communications P-2608HWL-D1

Related Content for ZyXEL Communications P-2608HWL-D1

This manual is also suitable for:

Table of Contents