ZyXEL Communications NBG-5715 User Manual page 138

Chapter 18 IPSec VPN
Security > IPSec VPN > General > Edit: Manual
Table 55
LABEL
My IP Address
Secure Gateway
Address
IPSec Algorithm
SPI
Encryption
Algorithm
Encryption Key
Authentication
Algorithm
Authentication
Key
Encapsulation
Mode
138
DESCRIPTION
Enter the NBG5715's static WAN IP address (if it has one) or leave the field set to
0.0.0.0.
The NBG5715 uses its current WAN IP address (static or dynamic) in setting up
the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes
down, the NBG5715 uses the dial backup IP address for the VPN tunnel when
using dial backup or the LAN IP address when using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have
configured (in the DDNS screen) to have the NBG5715 use that dynamic domain
name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Type the WAN IP address or the domain name (up to 31 characters) of the IPSec
router with which you're making the VPN connection.
if the remote IPSec router has a dynamic WAN IP address (the IPSec
Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway
Address field and the LAN's full IP address range as the local IP
address, then you cannot configure any other active rules with the
Secure Gateway Address field set to 0.0.0.0.
You can also enter a remote secure gateway's domain name in the
Secure Gateway Address field if the remote secure gateway has
a dynamic WAN IP address and is using DDNS. The NBG5715 has
to rebuild the VPN tunnel each time the remote secure gateway's
WAN IP address changes (there may be a delay until the DDNS
servers are updated with the remote gateway's new WAN IP
address).
Type a unique SPI (Security Parameter Index) from one to four characters long.
Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Select which key size and encryption algorithm to use in the IKE SA. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG5715 and the remote IPSec router must use the same algorithms and
keys. Longer keys require more processing power, resulting in increased latency
and decreased throughput.
This field is applicable when you select ESP in the IPSec Protocol field above.
With DES, type a unique key 8 characters long. With 3DES, type a unique key
24 characters long. Any characters may be used, including spaces, but trailing
spaces are truncated.
Select which hash algorithm to use to authenticate packet data in the IPSec SA.
Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5,
but it is also slower.
Type a unique authentication key to be used by IPSec if applicable. Enter 16
characters for MD5 authentication or 20 characters for SHA-1 authentication.
Any characters may be used, including spaces, but trailing spaces are truncated.
Select Tunnel mode or Transport mode from the drop-down list box.
(continued)
Set this field to 0.0.0.0
NBG5715 User's Guide