Figure 145 Advanced Vpn Policies; Table 97 Advanced Vpn Policies - ZyXEL Communications P-2602H User Manual

Chapter 18 VPN Screens

Figure 145 Advanced VPN Policies

The following table describes the fields in this screen.

Table 97 Advanced VPN Policies

LABEL
VPN - IKE
Protocol
Enable Replay
Detection
Local Start Port
End
Remote Start Port
End
Phase 1
Negotiation Mode
252
DESCRIPTION
Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any
protocol.
As a VPN setup is processing intensive, the system is vulnerable to Denial of
Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate
packets to protect against replay attacks. Select YES from the drop-down menu
to enable replay detection, or select NO to disable it.
0 is the default and signifies any port. Type a port number from 0 to 65535. Some
of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,
SMTP; 110, POP3.
Enter a port number in this field to define a port range. This port number must be
greater than that specified in the previous field. If Local Start Port is left at 0,
End will also remain at 0.
0 is the default and signifies any port. Type a port number from 0 to 65535. Some
of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,
SMTP; 110, POP3.
Enter a port number in this field to define a port range. This port number must be
greater than that specified in the previous field. If Remote Start Port is left at 0,
End will also remain at 0.
Select Main or Aggressive from the drop-down list box. Multiple SAs connecting
through a secure gateway must have the same negotiation mode.
P-2602H(W)(L)-DxA User's Guide