Vpn Rules (Manual) > Edit; Security Parameter Index (Spi) - ZyXEL Communications Vantage CNM User Manual
Centralized network management
Hide thumbs
Also See for Vantage CNM:
- User manual (433 pages) ,
- Quick start manual (36 pages) ,
- Quick start manual (69 pages)
Table of Contents
Advertisement
Table 72 Configuration > VPN > Manual-Key IPSec (continued)
LABEL
Active
Local Network
Remote Network
Encap.
IPSec Algorithm
Remote Gateway
Address
Add
Delete
11.15.1 VPN Rules (Manual) > Edit
Manual key management is useful if you have problems with IKE key management.
11.15.1.1 Security Parameter Index (SPI)
An SPI is used to distinguish different SAs terminating at the same destination and using the
same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The
SPI (Security Parameter Index) along with a destination IP address uniquely identify a
particular Security Association (SA). The SPI is transmitted from the remote VPN gateway to
the local VPN gateway. The local VPN gateway then uses the network, encryption and key
values that the administrator associated with the SPI to establish the tunnel.
Chapter 11 Configuration > VPN
DESCRIPTION
This field displays whether the VPN policy is active or not. A true signifies that this
VPN policy is active; false signifies that this VPN policy is not active.
This is the IP address(es) of computer(s) on your local network behind your
ZyWALL.
The same (static) IP address is displayed twice when the Local Network Address
Type field in the VPN - Manual Key - Edit screen is configured to Single Address.
The beginning and ending (static) IP addresses, in a range of computers are
displayed when the Local Network Address Type field in the VPN - Manual Key -
Edit screen is configured to Range Address.
A (static) IP address and a subnet mask are displayed when the Local Network
Address Type field in the VPN - Manual Key - Edit screen is configured to Subnet
Address.
This is the IP address(es) of computer(s) on the remote network behind the remote
IPSec router.
This field displays N/A when the Remote Gateway Address field displays 0.0.0.0.
In this case only the remote IPSec router can initiate the VPN.
The same (static) IP address is displayed twice when the Remote Network
Address Type field in the VPN - Manual Key - Edit screen is configured to Single
Address.
The beginning and ending (static) IP addresses, in a range of computers are
displayed when the Remote Network Address Type field in the VPN - Manual Key
- Edit screen is configured to Range Address.
A (static) IP address and a subnet mask are displayed when the Remote Network
Address Type field in the VPN - Manual Key - Edit screen is configured to Subnet
Address.
This field displays Tunnel or Transport mode (Tunnel is the default selection).
This field displays the security protocols used for an SA.
Both AH and ESP increase ZyWALL processing requirements and communications
latency (delay).
This is the static WAN IP address or domain name of the remote IPSec router.
Click Add to add a new VPN policy.
Select a policy and click Delete to remove the VPN policy. A window displays
asking you to confirm that you want to delete the VPN rule. When a VPN policy is
deleted, subsequent policies move up in the page list.
Vantage CNM User's Guide
202
Advertisement
Table of Contents
