Ike Setup - ZyXEL Communications Prestige 662H Series User Manual

Prestige 662H/HW Series User's Guide
Table 150
FIELD
IP Addr Start
End/Subnet
Mask
Port Start
End
Enable Replay
Detection
Key
Management
Edit Key
Management
Setup
When you have completed this menu, press [ENTER] at the prompt "
or ESC to Cancel:

45.4 IKE Setup

To edit this menu, the Key Management field in Menu 27.1.1 – IPSec Setup must be set to
IKE. Move the cursor to the Edit Key Management Setup field in Menu 27.1.1 – IPSec
Setup; press [SPACE BAR] to select Yes and then press [ENTER] to display Menu 27.1.1.1
– IKE Setup.
441
Menu 27.1.1 IPSec Setup (continued)
DESCRIPTION
When the Addr Type field is configured to Single, enter a static IP address on the
network behind the remote IPSec router.
When the Addr Type field is configured to Range, enter the beginning (static) IP
address, in a range of computers on the network behind the remote IPSec router.
When the Addr Type field is configured to SUBNET, enter a static IP address on the
network behind the remote IPSec router.
This field displays N/A when you configure the Secure Gateway Address field to
0.0.0.0.
When the Addr Type field is configured to Single, this field is N/A.
When the Addr Type field is configured to Range, enter the end (static) IP address,
in a range of computers on the network behind the remote IPSec router.
When the Addr Type field is configured to SUBNET, enter a subnet mask on the
network behind the remote IPSec router.
This field displays N/A when you configure the Secure Gateway Address field to
0.0.0.0.
0 is the default and signifies any port. Type a port number from 0 to 65535. Someone
behind the remote IPSec router cannot create a VPN tunnel when attempting to
connect using a port number that does not match this port number or range of port
numbers.
Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,
SMTP; 110, POP3.
Enter a port number in this field to define a port range. This port number must be
greater than that specified in the previous field. This field is N/A when 0 is configured
in the Port Start field.
As a VPN setup is processing intensive, the system is vulnerable to Denial of Service
(DoS) attacks The IPSec receiver can detect and reject old or duplicate packets to
protect against replay attacks. Enable replay detection by setting this field to Yes.
Press [SPACE BAR] to select Yes or No. Choose Yes and press [ENTER] to enable
replay detection.
Press [SPACE BAR] to choose either IKE or Manual and then press [ENTER].
Manual is useful for troubleshooting if you have problems using IKE key
management.
Press [SPACE BAR] to change the default No to Yes and then press [ENTER] to go
to a key management menu for configuring your key management setup (described
later). If you set the Key Management field to IKE, this will take you to Menu 27.1.1.1
– IKE Setup. If you set the Key Management field to Manual, this will take you to
Menu 27.1.1.2 – Manual Setup.
" to save your configuration, or press [ESC] at any time to cancel.
Press ENTER to Confirm
Chapter 45 VPN/IPSec Setup