ZyXEL Communications NBG-460N User Manual page 171

Table 63 SECURITY > VPN > Rule Setup: IKE (Basic) (continued)
LABEL
Remote Policy
Remote Address
Remote Address
End /Mask
Authentication
Method
My IP Address
Local ID Type
Local Content
NBG460N User's Guide
DESCRIPTION
Remote IP addresses must be static and correspond to the remote IPSec router's
configured local IP addresses. The remote fields do not apply when the Secure
Gateway IP Address field is configured to 0.0.0.0. In this case only the remote
IPSec router can initiate the VPN.
Two active SAs cannot have the local and remote IP address(es) both the same.
Two active SAs can have the same local or remote IP address, but not both. You
can configure multiple SAs between the same local and remote IP addresses, as
long as only one is active at any time.
For a single IP address, enter a (static) IP address on the network behind the
remote IPSec router.
For a specific range of IP addresses, enter the beginning (static) IP address, in a
range of computers on the network behind the remote IPSec router.
To specify IP addresses on a network by their subnet mask, enter a (static) IP
address on the network behind the remote IPSec router.
When the remote IP address is a single address, type it a second time here.
When the remote IP address is a range, enter the end (static) IP address, in a
range of computers on the network behind the remote IPSec router.
When the remote IP address is a subnet address, enter a subnet mask on the
network behind the remote IPSec router.
Enter the NBG460N's static WAN IP address (if it has one) or leave the field set to
0.0.0.0.
The NBG460N uses its current WAN IP address (static or dynamic) in setting up
the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes
down, the NBG460N uses the dial backup IP address for the VPN tunnel when
using dial backup or the LAN IP address when using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have
configured (in the DDNS screen) to have the NBG460N use that dynamic domain
name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Select IP to identify this NBG460N by its IP address.
Select Domain Name to identify this NBG460N by a domain name.
Select E-mail to identify this NBG460N by an e-mail address.
When you select IP in the Local ID Type field, type the IP address of your
computer in the Local Content field. The NBG460N automatically uses the IP
address in the My IP Address field (refer to the My IP Address field description)
if you configure the Local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the Local
Content field or use the Domain Name or E-mail ID type in the following
situations.
• When there is a NAT router between the two IPSec routers.
• When you want the remote IPSec router to be able to distinguish between
VPN connection requests that come in from IPSec routers with dynamic WAN
IP addresses.
When you select Domain Name or E-mail in the Local ID Type field, type a
domain name or e-mail address by which to identify this NBG460N in the Local
Content field. Use up to 31 ASCII characters including spaces, although trailing
spaces are truncated. The domain name or e-mail address is for identification
purposes only and can be any string.
Chapter 15 IPSec VPN
171