Can The P-660Ru-Tx's Sua (Simple Ip) Handle Ipsec Packets Sent By The Ipsec Gateway; How Do I Setup P-660Ru-Tx For Routing Ipsec Packets Over Sua - ZyXEL Communications P-660RU-Tx Series Support Notes

Adsl2+ ethernet/usb router

Hide thumbs Also See for P-660RU-Tx Series:

Table of Contents

15. Can the P-660RU-Tx's SUA (Simple IP) handle IPSec packets sent by

the IPSec gateway?

Yes, the P-660RU-Tx's SUA can handle IPSec ESP Tunneling mode. We know

when packets go through SUA; SUA will change the source IP address and

source port for the host. To pass IPSec packets, SUA must understand the ESP

packet with protocol number 50; replace the source IP address of the IPSec

gateway to the router's WAN IP address. However, SUA should not change the

source port of the UDP packets which are used for key managements. Because

the remote gateway checks this source port during connections, the port thus is

not allowed to be changed.

For outgoing IPSec tunnels, no extra setting is required.

For forwarding the inbound IPSec ESP tunnel, A 'Default' server set is required .

You could configure it in Web Configurator, Advanced Setup, Advanced Setup

-> NAT -> DMZ:

Note: First we should set Number of IPs as Single for SUA use.

It is because SUA makes your LAN appear as a single machine to the outside

world. LAN users are invisible to outside users. So, to make an internal server

for outside access, we must specify the service port and the LAN IP of this

server in Web configuration page. Thus SUA is able to forward the incoming

packets to the requested service behind SUA and the outside users access

the server using the P-660RU-Tx's WAN IP address. So, we have to configure

the internal IPSec client as a default server (unspecified service port) when it

acts a server gateway.

P-660RU-Tx Series Support Note s

Table of Contents