ZyXEL Communications X550N - V3.60 User Manual page 182

Chapter 15 IPSec VPN
Table 66 Security > VPN > Rule Setup: Manual (continued)
LABEL
Remote Address
End /Mask
Remote Port Start
Remote Port End
My IP Address
Secure Gateway
Address
SPI
Encapsulation
Mode
Enable Replay
Detection
182
DESCRIPTION
When the remote IP address is a single address, type it a second time here.
When the remote IP address is a range, enter the end (static) IP address, in a
range of computers on the network behind the remote IPSec router.
When the remote IP address is a subnet address, enter a subnet mask on the
network behind the remote IPSec router.
0 is the default and signifies any port. Type a port number from 0 to 65535. Some
of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,
SMTP; 110, POP3.
Enter a port number in this field to define a port range. This port number must be
greater than that specified in the previous field. If Remote Port Start is left at 0,
Remote Port End will also remain at 0.
Enter the X550N's static WAN IP address (if it has one) or leave the field set to
0.0.0.0.
The X550N uses its current WAN IP address (static or dynamic) in setting up the
VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the
X550N uses the dial backup IP address for the VPN tunnel when using dial
backup or the LAN IP address when using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have
configured (in the DDNS screen) to have the X550N use that dynamic domain
name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Type the WAN IP address or the domain name (up to 31 characters) of the IPSec
router with which you're making the VPN connection. Set this field to 0.0.0.0 if the
remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode
field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address
field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between
rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field
and the LAN's full IP address range as the local IP address, then you cannot
configure any other active rules with the Secure Gateway Address field set to
0.0.0.0.
Note: You can also enter a remote secure gateway's domain name
in the Secure Gateway Address field if the remote secure
gateway has a dynamic WAN IP address and is using DDNS.
The X550N has to rebuild the VPN tunnel each time the
remote secure gateway's WAN IP address changes (there
may be a delay until the DDNS servers are updated with the
remote gateway's new WAN IP address).
Type a unique SPI (Security Parameter Index) from one to four characters long.
Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Select Tunnel mode or Transport mode from the drop-down list box.
As a VPN setup is processing intensive, the system is vulnerable to Denial of
Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate
packets to protect against replay attacks. Select Yes from the drop-down menu to
enable replay detection, or select No to disable it.
X550N Series User's Guide