Active Protocol; Encapsulation; Figure 211 Virtual Mapping Of Local And Remote Network Ip Addresses - ZyXEL Communications ZYWALL 35 User Manual
Internet security appliance
Hide thumbs
Also See for ZYWALL 35:
- User manual (832 pages) ,
- Support notes (335 pages) ,
- Quick start manual (142 pages)
Table of Contents
Advertisement
Chapter 18 IPSec VPN
Figure 211 Virtual Mapping of Local and Remote Network IP Addresses
Computers on network X use IP addresses 192.168.1.2 to 192.168.1.4 to access local network
devices and IP addresses 172.21.2.2 to 172.21.2.27 to access the remote network devices.
Computers on network Y use IP addresses 192.168.1.2 to 192.168.1.27 to access local
network devices and IP addresses 10.0.0.2 to 10.0.0.4 to access the remote network devices.
18.6.3 Active Protocol
The active protocol controls the format of each packet. It also specifies how much of each
packet is protected by the encryption and authentication algorithms. IPSec VPN includes two
active protocols, AH (Authentication Header, RFC 2402) and ESP (Encapsulating Security
Payload, RFC 2406).
The ZyWALL and remote IPSec router must use the same active protocol.
Usually, you should select ESP. AH does not support encryption, and ESP is more suitable
with NAT.
18.6.4 Encapsulation
There are two ways to encapsulate packets. Usually, you should use tunnel mode because it is
more secure. Transport mode is only used when the IPSec SA is used for communication
between the ZyWALL and remote IPSec router (for example, for remote management), not
between computers on the local and remote networks.
The ZyWALL and remote IPSec router must use the same encapsulation.
370
ZyWALL 5/35/70 Series User's Guide
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
