ZyXEL Communications NBG5715 User Manual page 134

Chapter 18 IPSec VPN
Security > IPSec VPN > General > Edit: Manual
Table 56
LABEL
My IP Address
Secure Gateway
Address
IPSec Algorithm
SPI
Encryption
Algorithm
Encryption Key
Authentication
Algorithm
Authentication
Key
Encapsulation
Mode
134
DESCRIPTION
Enter the NBG5715's static WAN IP address (if it has one) or leave the field set to
0.0.0.0.
The NBG5715 uses its current WAN IP address (static or dynamic) in setting up
the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes
down, the NBG5715 uses the dial backup IP address for the VPN tunnel when
using dial backup or the LAN IP address when using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have
configured (in the DDNS screen) to have the NBG5715 use that dynamic domain
name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Type the WAN IP address or the domain name (up to 31 characters) of the IPSec
router with which you're making the VPN connection. Set this field to 0.0.0.0 if
the remote IPSec router has a dynamic WAN IP address (the IPSec Keying
Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address
field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between
rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address
field and the LAN's full IP address range as the local IP address, then you cannot
configure any other active rules with the Secure Gateway Address field set to
0.0.0.0.
You can also enter a remote secure gateway's domain name in the Secure
Gateway Address field if the remote secure gateway has a dynamic WAN IP
address and is using DDNS. The NBG5715 has to rebuild the VPN tunnel each
time the remote secure gateway's WAN IP address changes (there may be a
delay until the DDNS servers are updated with the remote gateway's new WAN
IP address).
Type a unique SPI (Security Parameter Index) from one to four characters long.
Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Select which key size and encryption algorithm to use in the IKE SA. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG5715 and the remote IPSec router must use the same algorithms and
keys. Longer keys require more processing power, resulting in increased latency
and decreased throughput.
This field is applicable when you select ESP in the IPSec Protocol field above.
With DES, type a unique key 8 characters long. With 3DES, type a unique key
24 characters long. Any characters may be used, including spaces, but trailing
spaces are truncated.
Select which hash algorithm to use to authenticate packet data in the IPSec SA.
Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5,
but it is also slower.
Type a unique authentication key to be used by IPSec if applicable. Enter 16
characters for MD5 authentication or characters for SHA-1 authentication. Any
characters may be used, including spaces, but trailing spaces are truncated.
Select Tunnel mode or Transport mode from the drop-down list box.
(continued)
NBG5715 User's Guide