ZyXEL Communications VANTAGE CNM User Manual page 164

Centralized network management

Vantage CNM User's Guide
Table 57 Configuration > VPN > Tunnel IPSec Detail (continued)
LABEL: DESCRIPTION

ID Content: When you select IP in the Local ID Type field, type the IP address of your computer. The ZyXEL device uses the IP address in the My IP Address field if you configure the local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local Content field or use the DNS or E-mail ID type in the following situations:
- When there is a NAT router between the two IPSec routers.
- When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses.
With DNS or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this ZyXEL device. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.

Address Type: This is the IP address(es) of computer(s) at the A-end or Z-end of the VPN tunnel.
The same (static) IP address is displayed twice in the Address Start and Address End fields when the Address Type field is configured to Single.
The beginning and ending (static) IP addresses in a range of computers are displayed when the Address Type is configured to Range.
A (static) IP address and a subnet mask are displayed when the Address Type field is configured to Subnet.
These addresses cannot be automatically generated by Vantage.

Address Start: Enter the beginning IP address of the computers behind the ZyXEL device.

Address End: Enter the ending IP address of the computers behind the ZyXEL device.

Port Start: 0 is the default and signifies any port. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. Type a port number from 0 to 65535 for the starting port in a range.

Port End: Type the same port number as above to specify a single port. Type a port number greater than the start port number to specify the end port in a port range.

Phase 1: There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.

Negotiation Mode: Select either Main or Aggressive. Aggressive mode is quicker than Main mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1). However, the trade-off is that faster speed limits its negotiating power and it also does not provide identity protection. It is useful in remote access situations where the address of the initiator is not known by the responder and both parties want to use pre-shared key authentication.
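
The field rules in this table can be checked mechanically before a tunnel is deployed. The following Python sketch is an added example, not part of the ZyXEL manual or of Vantage CNM; the dictionary keys (`local_id_type`, `local_id_content`, `behind_nat`, `dynamic_wan_ip`, `port_start`, `port_end`, `negotiation_mode`) are hypothetical names chosen for illustration, and IPv4 addressing is assumed.

```python
import ipaddress

# Hypothetical field names: this dict layout is an assumption made for the
# example, not a Vantage CNM export format.
def audit_tunnel(t):
    """Return findings for one tunnel definition, per the table's field rules."""
    findings = []
    # ID Content: trailing spaces are truncated, so judge the stripped value.
    id_type = t.get("local_id_type", "IP")
    content = t.get("local_id_content", "").rstrip(" ")
    if id_type == "IP":
        if content in ("", "0.0.0.0"):
            # The device falls back to My IP Address; the table advises against
            # relying on that behind NAT or with dynamic WAN IP addresses.
            if t.get("behind_nat") or t.get("dynamic_wan_ip"):
                findings.append("id-content: use an explicit IP or the DNS/E-mail ID type")
        else:
            try:
                ipaddress.IPv4Address(content)
            except ValueError:
                findings.append("id-content: not a valid IPv4 address")
    elif len(content) > 31 or not content.isascii():
        findings.append("id-content: limit is 31 ASCII characters")
    # Port Start / Port End: 0 means any port; end == start is a single port.
    start, end = t.get("port_start", 0), t.get("port_end", 0)
    if not (0 <= start <= 65535 and 0 <= end <= 65535):
        findings.append("port: values must be within 0-65535")
    elif end < start:
        findings.append("port: end port is lower than start port")
    # Negotiation Mode: Aggressive trades identity protection for speed.
    if t.get("negotiation_mode") == "Aggressive":
        findings.append("phase1: Aggressive mode does not provide identity protection")
    return findings

# Constructed sample tunnels (not taken from any real deployment).
SAMPLES = {
    "branch-nat": {"local_id_type": "IP", "local_id_content": "0.0.0.0",
                   "behind_nat": True, "port_start": 80, "port_end": 80,
                   "negotiation_mode": "Main"},
    "road-warrior": {"local_id_type": "DNS", "local_id_content": "rw.example.com  ",
                     "port_start": 0, "port_end": 0, "negotiation_mode": "Aggressive"},
    "bad-ports": {"local_id_type": "E-mail", "local_id_content": "vpn@example.com",
                  "port_start": 110, "port_end": 25, "negotiation_mode": "Main"},
}

if __name__ == "__main__":
    for name, tunnel in SAMPLES.items():
        print(name, audit_tunnel(tunnel))
```
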
Chapter 11 Configuration > VPN
