ZyXEL Communications Vantage CNM 2.0 User Manual page 130

Vantage CNM 2.0
FIELD
ID Content
Address Type
Address Start
Address End
Port Start
Port End
Phase 1
Negotiation Mode
11-10
Table 11-6 Configuration > VPN > Tunnel IPSec Detail
When you select IP in the Local ID Type field, type the IP address of your
computer. The ZyXEL device uses the IP address in the My IP Address field if you
configure the local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local
Content field or use the DNS or E-mail ID type in the following situations.
When there is a NAT router between the two IPSec routers.
When you want the remote IPSec router to be able to distinguish between
VPN connection requests that come in from IPSec routers with dynamic
WAN IP addresses.
With DNS or E-mail in the Local ID Type field, type a domain name or e-
mail address by which to identify this ZyXEL device. Use up to 31 ASCII
characters including spaces, although trailing spaces are truncated. The
domain name or e-mail address is for identification purposes only and can
be any string.
This is the IP address(es) of computer(s) the A-end or Z-end of the VPN tunnel.
The same (static) IP address is displayed twice in the Address Start and Address
End fields when the Address Type field is configured to Single.
The beginning and ending (static) IP addresses, in a range of computers are
displayed when the Address Type is configured to Range.
A (static) IP address and a subnet mask are displayed when the Address Type field
is configured to Subnet.
These addresses cannot be automatically generated by
Enter the beginning IP address of the computers behind the ZyXEL device.
Enter the ending IP address of the computers behind the ZyXEL device.
0 is the default and signifies any port.
Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP;
25, SMTP; 110, POP3
Type a port number from 0 to 65535 for the starting port in a range.
Type the same port number as above to specify a single port. Type a port number
greater than the start port number to specify the end port in a port range.
There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1
(Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an
IKE SA and the second one uses that SA to negotiate SAs for IPSec.
Select either Main or Aggressive. Aggressive mode is quicker than Main mode
because it eliminates several steps when the communicating parties are negotiating
authentication (phase 1). However the trade-off is that faster speed limits its
negotiating power and it also does not provide identity protection. It is useful in
remote access situations where the address of the initiator is not know by the
responder and both parties want to use pre-shared key authentication.
DESCRIPTION
Vantage.
Configuration > VPN