ZyXEL Communications P-334WT Support Notes page 41

Hide thumbs Also See for P-334WT:

User manual (467 pages)

Quick start manual (112 pages)

Quick start manual (102 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

page of 295

/ 295
Contents
Table of Contents
Bookmarks

Table of Contents

private IP address as the content of it's phase 1 ID. So you have to configure P-334WT's secure gateway's phase 1 ID as the private IP

address of the VPN client. The configuration will be like this,

15. How can I keep a tunnel alive?

To keep a tunnel alive, you can check "keep alive" option when configuring your VPN tunnel. With this option, whenever phase 2 SA

lifetime is due, IKE negotiation procedure will be invoked automatically even without traffic to make the connection stay.

But to reduce the consumption of system resource, if VPN tunnels get disconnected either manually, by idle timer, or because of power

cycle, packet triggering is still necessary to make the tunnel up.

16. Can the whole LAN behind P-334WT be protected by VPN/IPSec tunnel?

No, it can't. P-334WT is designed for Telecommuter. Only one PC assigned in the Local IP Addr of VPN rule can be protected via VPN/

IPSec.

17. Can P-334WT support IPSec passthrough?

Yes, P-334WT can support IPSec passthrough. P-334WT doesn't only support IPSec/VPN gateway, it can also be a NAT router supporting

IPSec passthrough.

If the VPN connection is initiated from the security gateway behind P-334WT, no configuration is necessary for NAT nor Firewall.

If the VPN connection is initiated from the security gateway outside of P-334WT, NAT port forwarding and Firewall forwarding are

necessary.

To configure NAT port forwarding, please go to WEB interface, Setup/ "SUA/NAT", put the secure gateway's IP address in default server.

To configure Firewall forwarding, please go to WEB interface, Setup/Firewall, select Packet Direction to WAN to LAN, and create a

firewall rule the forwards IKE(UDP:500).

18. Can P-334WT behave as a NAT router supporting IPSec passthrough and an IPSec gateway simultaneously ?

No, current P-334WT can't support them simultaneously. You need to choose either one. If P-334WT is to support IPSec passthrough, you

have to disable the VPN function on P-334WT. To disable it, you can either deactivate each VPN rule or issue a CI command, "ipsec

switch off" from SMT menu 24.8. You can get into SMT menu via either telnet or console connection. P-334WT may support both of them

in the future, please refer to the release note.

Table of Contents

ZyXEL Communications P-334WT Support Notes page 41

Related Manuals for ZyXEL Communications P-334WT

Related Products for ZyXEL Communications P-334WT

Table of Contents