ZyXEL Communications Prestige 662HW Series User Manual page 179

LABEL
My IP Address
Peer ID Type
Content
Secure Gateway
Address
Security Protocol
VPN Protocol
VPN Screens
Table 16-7 VPN IKE
Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP
address changes.
The following applies if this field is configured as 0.0.0.0:
The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up
the VPN tunnel.
If the WAN connection goes down, the Prestige uses the dial backup IP address for the
VPN tunnel when using dial backup or the LAN IP address when using traffic redirect.
See the chapter on WAN for details on dial backup and traffic redirect.
Select IP to identify the remote IPSec router by its IP address.
Select DNS to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.
The configuration of the peer content depends on the peer ID type.
For IP, type the IP address of the computer with which you will make the VPN
connection. If you configure this field to 0.0.0.0 or leave it blank, the Prestige will use
the address in the Secure Gateway Address field (refer to the Secure Gateway
Address field description).
For DNS or E-mail, type a domain name or e-mail address by which to identify the
remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing
spaces are truncated. The domain name or e-mail address is for identification purposes
only and can be any string.
It is recommended that you type an IP address other than 0.0.0.0 or use the DNS or E-
mail ID type in the following situations:
When there is a NAT router between the two IPSec routers.
When you want the Prestige to distinguish between VPN connection requests that
come in from remote IPSec routers with dynamic WAN IP addresses.
Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with
which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec
router has a dynamic WAN IP address (the Key Management field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address field set
to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and
the LAN's full IP address range as the local IP address, then you cannot configure any
other active rules with the Secure Gateway Address field set to 0.0.0.0.
Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP
protocol (RFC 2406) provides encryption as well as some of the services offered by
AH. If you select ESP here, you must select options from the Encryption Algorithm
and Authentication Algorithm fields (described below).
Prestige 662HW Series User's Guide
DESCRIPTION
16-11