ZyXEL Communications ZyWall 35 User Manual page 568

ZyWALL 35 User's Guide
Table 208 Menu 27.1.1: IPSec Setup (continued)
FIELD
End
Port Start
End
Remote
Addr Type
IP Addr Start When the Addr Type field is configured to Single, enter a static IP address on the
End
Port Start
End
Enable
Replay
Detection
566
DESCRIPTION
When the Addr Type field is configured to Single, this field is N/A.
When the Addr Type field is configured to Range, enter the end (static) IP address, in a
range of computers on the LAN behind your ZyWALL.
When the Addr Type field is configured to SUBNET, this is a subnet mask on the LAN
behind your ZyWALL.
0 is the default and signifies any port. Type a port number from 0 to 65535. You cannot
create a VPN tunnel if you try to connect using a port number that does not match this
port number or range of port numbers.
Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,
SMTP; 110, POP3
Enter a port number in this field to define a port range. This port number must be greater
than that specified in the previous field. This field is N/A when 0 is configured in the Port
Start field.
Remote IP addresses must be static and correspond to the remote IPSec router's
configured local IP addresses. The remote fields are N/A when the Secure Gateway
Address field is configured to 0.0.0.0.
Two active SAs cannot have the local and remote IP address(es) both the same. Two
active SAs can have the same local or remote IP address, but not both. You can
configure multiple SAs between the same local and remote IP addresses, as long as
only one is active at any time.
Press [SPACE BAR] to choose SINGLE, RANGE, or SUBNET and press [ENTER].
Select SINGLE with a single IP address. Use RANGE for a specific range of IP
addresses. Use SUBNET to specify IP addresses on a network by their subnet mask.
network behind the remote IPSec router.
When the Addr Type field is configured to Range, enter the beginning (static) IP
address, in a range of computers on the network behind the remote IPSec router.
When the Addr Type field is configured to SUBNET, enter a static IP address on the
network behind the remote IPSec router.
This field displays N/A when you configure the Secure Gateway Address field to
0.0.0.0.
When the Addr Type field is configured to Single, this field is N/A.
When the Addr Type field is configured to Range, enter the end (static) IP address, in a
range of computers on the network behind the remote IPSec router.
When the Addr Type field is configured to SUBNET, enter a subnet mask on the
network behind the remote IPSec router.
This field displays N/A when you configure the Secure Gateway Address field to
0.0.0.0.
0 is the default and signifies any port. Type a port number from 0 to 65535. Someone
behind the remote IPSec router cannot create a VPN tunnel when attempting to connect
using a port number that does not match this port number or range of port numbers.
Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,
SMTP; 110, POP3.
Enter a port number in this field to define a port range. This port number must be greater
than that specified in the previous field. This field is N/A when 0 is configured in the Port
Start field.
As a VPN setup is processing intensive, the system is vulnerable to Denial of Service
(DoS) attacks The IPSec receiver can detect and reject old or duplicate packets to
protect against replay attacks. Enable replay detection by setting this field to Yes.
Press [SPACE BAR] to select Yes or No. Choose Yes and press [ENTER] to enable
replay detection.
Chapter 44 VPN/IPSec Setup