ZyXEL Communications UAG5100 User Manual page 350

Each field is described in the following table.
Table 158 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit
LABEL DESCRIPTION
Show Advanced Click this button to display a greater or lesser number of configuration fields.
Settings / Hide
Advanced Settings
General Settings
Enable Select this check box to activate this VPN gateway policy.
VPN Gateway Type the name used to identify this VPN gateway. You may use 1-31 alphanumeric
Name
characters, underscores(
This value is case-sensitive.
Gateway Settings
My Address Select how the IP address of the UAG in the IKE SA is defined.
If you select Interface, select the Ethernet interface, VLAN interface, virtual Ethernet
interface, virtual VLAN interface or PPPoE/PPTP interface. The IP address of the UAG in
the IKE SA is the IP address of the interface.
If you select Domain Name / IPv4, enter the domain name or the IP address of the
UAG. The IP address of the UAG in the IKE SA is the specified IP address or the IP
address corresponding to the domain name. 0.0.0.0 is not generally recommended as it
has the UAG accept IPSec requests destined for any interface address on the UAG.
Peer Gateway Select how the IP address of the remote IPSec router in the IKE SA is defined.
Address
Select Static Address to enter the domain name or the IP address of the remote IPSec
router. You can provide a second IP address or domain name for the UAG to try if it
cannot establish an IKE SA with the first one.
Authentication
Note: The UAG and remote IPSec router must use the same authentication method to
Pre-Shared Key Select this to have the UAG and remote IPSec router use a pre-shared key (password)
to identify each other when they negotiate the IKE SA. Type the pre-shared key in the
field to the right. The pre-shared key can be:
•
•
Type "0x" at the beginning of a hexadecimal key. For example,
"0x0123456789ABCDEF" is in hexadecimal format; "0123456789ABCDEF" is in ASCII
format. If you use hexadecimal, you must enter twice as many characters since you
need to enter pairs.
The UAG and remote IPSec router must use the same pre-shared key.
unmasked Select this option to see the pre-shared key in readable plain text.
De-select this option to not display the real key (password) and instead show a
sequence of dots.
Chapter 30 IPSec VPN
), or dashes (-), but the first character cannot be a number.
_
Fall back to Primary Peer Gateway when possible: When you select this, if the
connection to the primary address goes down and the UAG changes to using the
secondary connection, the UAG will reconnect to the primary address when it
becomes available again and stop using the secondary connection. Users will lose
their VPN connection briefly while the UAG changes back to the primary connection.
To use this, the peer device at the secondary address cannot be set to use a nailed-
up VPN connection. In the Fall Back Check Interval field, set how often to check if
the primary address is available.
establish the IKE SA.
alphanumeric characters or ,;.|`~!@#$%^&*()_+\{}':./<>=-"
pairs of hexadecimal (0-9, A-F) characters, preceded by "0x".
UAG Series User's Guide
350