Active Protocol; Encapsulation; Figure 138 Virtual Mapping Of Local And Remote Network Ip Addresses - ZyXEL Communications ZYWALL P1 User Manual

Internet security appliance

For example, ZyWALL A is assigned a WAN IP address of 192.168.1.2, which conflicts with
its existing LAN IP address of 192.168.1.2. So in this example, ZyWALL A automatically
changes its LAN IP address to 172.16.0.1 and the local network X's (private) IP addresses to
172.16.0.2 to 172.16.0.4. With virtual mapping, ZyWALL A still translates the local network
X's (private) IP addresses to 10.0.0.2 to 10.0.0.4. So the VPN tunnel still works in the same
way as if nothing had changed.

Figure 138 Virtual Mapping of Local and Remote Network IP Addresses

13.6.3 Active Protocol

The active protocol controls the format of each packet. It also specifies how much of each
packet is protected by the encryption and authentication algorithms. IPSec VPN includes two
active protocols, AH (Authentication Header, RFC 2402) and ESP (Encapsulating Security
Payload, RFC 2406).

The ZyWALL and remote IPSec router must use the same active protocol.

Usually, you should select ESP. AH does not support encryption, and ESP works better
with NAT.

13.6.4 Encapsulation

There are two ways to encapsulate packets. Usually, you should use tunnel mode because it is
more secure. Transport mode is only used when the IPSec SA is used for communication
between the ZyWALL and remote IPSec router (for example, for remote management), not
between computers on the local and remote networks.
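
The following Python sketch is an added example, not taken from the ZyXEL manual or the ZyWALL firmware. It models the protection boundaries described in 13.6.3 and 13.6.4 on a simplified packet (IP headers reduced to their addresses, no ESP trailer, no real encryption) and checks whether the integrity check value (ICV) still verifies after a NAT device rewrites the outer source address. The key, the SPI, the function names and every address other than 172.16.0.2 and 192.168.1.2 are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed sample value, not a real SA key
SPI_SEQ = b"\x00\x00\x10\x01\x00\x00\x00\x01"  # constructed SPI + sequence number

def ip_header(src, dst):
    # Simplified IP header: only the source and destination addresses.
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed

def icv(fields, covered):
    # HMAC-SHA1 truncated to 96 bits over the fields inside the
    # authentication boundary.
    data = b"".join(value for name, value in fields if name in covered)
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def protect(protocol, mode, host_hdr, gateway_hdr, payload):
    """Return (fields, covered, encrypted, icv) for one protected packet.

    covered / encrypted list the field names inside the authentication
    and encryption boundaries of the chosen protocol and mode.
    """
    if mode == "tunnel":   # new outer header; the original header travels inside
        outer, body = gateway_hdr, [("orig_ip", host_hdr), ("payload", payload)]
    else:                  # transport: the original header stays outermost
        outer, body = host_hdr, [("payload", payload)]
    fields = [("outer_ip", outer), (protocol.lower() + "_hdr", SPI_SEQ)] + body
    names = [name for name, _ in fields]
    if protocol == "AH":   # authenticates the whole packet, encrypts nothing
        covered, encrypted = names, []
    else:                  # ESP: the outer IP header is outside both boundaries
        covered, encrypted = names[1:], names[2:]
    return fields, covered, encrypted, icv(fields, covered)

def icv_valid_after_nat(protocol, mode):
    """Rewrite the outer source address as a NAT device would, then re-verify."""
    host = ip_header("172.16.0.2", "192.168.2.10")      # host on network X
    gateway = ip_header("192.168.1.2", "203.0.113.7")   # ZyWALL A WAN to peer
    fields, covered, _, sent = protect(protocol, mode, host, gateway, b"data")
    new_src = ipaddress.IPv4Address("198.51.100.9").packed
    fields[0] = ("outer_ip", new_src + fields[0][1][4:])
    return hmac.compare_digest(sent, icv(fields, covered))

if __name__ == "__main__":
    for proto in ("AH", "ESP"):
        for mode in ("transport", "tunnel"):
            print(proto, mode, "ICV valid after NAT:", icv_valid_after_nat(proto, mode))
```

The check covers only the ICV; it does not model port translation or upper-layer checksums.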

ZyWALL P1 User's Guide
Chapter 13 IPSec VPN
221
