ZyXEL Communications ZyWall 35 User Manual page 566

ZyWALL 35 User's Guide
Table 208 Menu 27.1.1: IPSec Setup (continued)
FIELD
Local ID type Press [SPACE BAR] to choose IP, DNS, or E-mail and press [ENTER].
Content
My Addr
Type
Address
Peer ID type
564
DESCRIPTION
Select IP to identify this ZyWALL by its IP address.
Select DNS to identify this ZyWALL by a domain name.
Select E-mail to identify this ZyWALL by an e-mail address.
When you select IP in the Local ID type field, type the IP address of your computer in
the local Content field. The ZyWALL automatically uses the IP address in the Address
field (refer to the My Addr Type and Address fields description) if you configure the
local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local Content
field or use the DNS or E-mail ID type in the following situations.
• When there is a NAT router between the two IPSec routers.
• When you want the remote IPSec router to be able to distinguish between VPN
connection requests that come in from IPSec routers with dynamic WAN IP
addresses.
When you select DNS or E-mail in the Local ID type field, type a domain name or e-
mail address by which to identify this ZyWALL in the local Content field. Use up to 31
ASCII characters including spaces, although trailing spaces are truncated. The domain
name or e-mail address is for identification purposes only and can be any string.
My Address identifies the WAN IP address of the ZyWALL. You can select IP and enter
the ZyWALL's static WAN IP address (if it has one) or leave the Address field set to
0.0.0.0. The VPN tunnel has to be rebuilt if the My Address changes after setup.
The following applies if the Address field is configured as 0.0.0.0:
• When the WAN port operation mode is set to Active/Passive, the ZyWALL uses the
IP address (static or dynamic) of the WAN port that is in use.
• When the WAN port operation mode is set to Active/Active, the ZyWALL uses the IP
address (static or dynamic) of the primary (highest priority) WAN port to set up the
VPN tunnel as long as the corresponding WAN1 or WAN2 connection is up. If the
corresponding WAN1 or WAN2 connection goes down, the ZyWALL uses the IP
address of the other WAN port.
• If both WAN connections go down, the ZyWALL uses the dial backup IP address for
the VPN tunnel when using dial backup or the LAN IP address when using traffic
redirect. See Chapter 7 WAN Screens
and Chapter 31 Route Setup
Select DDNS and enter one of the dynamic domain names that you have configured (in
the DDNS screen) to have the ZyWALL use that dynamic domain name's IP address.
When you select IP in the My Addr Type field, enter the IP address of your ZyWALL.
When you select DNS in the My Addr Type field, type a domain name.
Press [SPACE BAR] to choose IP, DNS, or E-mail and press [ENTER].
Select IP to identify the remote IPSec router by its IP address.
Select DNS to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.
or Chapter 27 WAN and Dial Backup Setup
for details on dial backup and traffic redirect.
Chapter 44 VPN/IPSec Setup