Chapter 16 VPN
P-661HNU-Fx User’s Guide
Table 57 Security > VPN > Setup (continued)
LABEL: DESCRIPTION
Remote Address: This field will display the Secure Gateway Address of the IPSec router with which you're making the VPN connection.
IPSec Algorithm: This field displays the encryption algorithm used for an SA. Both AH and ESP increase ZyXEL Device processing requirements and communications latency (delay).
Modify: Click the Edit icon to go to the screen where you can edit the VPN configuration. Click the Remove icon to remove an existing VPN configuration.
Apply: Click this to save your changes and apply them to the ZyXEL Device.
Cancel: Click this to return your settings to their last saved values.
16.3 The VPN Edit Screen
Click on Add New Tunnel in the VPN Setup screen or click on the Edit icon to edit VPN policies. Both commands share the same screen.
Figure 98 Security > VPN > Setup > Edit
The following table describes the fields in this screen.
Table 58 Security > VPN > Setup > Edit
LABEL: DESCRIPTION
IPSec Setup
Active: Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall.
NAT Traversal: Select this check box if you want to set up a VPN tunnel when there are NAT routers between the ZyXEL Device and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 4500 packets to the remote IPSec router behind the NAT router.
Tunnel Name: Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces.
Mode: Select net-net or Roadwarrior from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode.
Local: Specify the IP addresses of the devices behind the ZyXEL Device that can use the VPN tunnel. The local IP addresses must correspond to the remote IPSec router's configured remote IP addresses.
Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Local Address Type: Use the drop-down menu to choose Single or Subnet. Select Single for a single IP address. Select Subnet to specify IP addresses based on the subnet mask.
IP Address Start: When the Local Address Type field is configured to Single, enter a (static) IP address on the LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, enter an IP address on the LAN behind your ZyXEL Device.
End / Subnet Mask: When the Local Address Type field is configured to Single, this field is N/A. When the Local Address Type field is configured to Subnet, enter the subnet of the LAN behind your ZyXEL Device.
Remote: Specify the IP addresses of the devices behind the remote IPSec router that can use the VPN tunnel. The remote IP addresses must correspond to the remote IPSec router's configured local IP addresses.
Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Remote Address Type: Use the drop-down menu to choose Single or Subnet. Select Single for a single IP address. Select Subnet to specify IP addresses based on the subnet mask.
IP Address Start: When the Remote Address Type field is configured to Single, enter a (static) IP address on the network behind the remote IPSec router. When the Remote Address Type field is configured to Subnet, enter an IP address on the LAN behind the IPSec router.
End / Subnet Mask: When the Remote Address Type field is configured to Single, this field is N/A. When the Remote Address Type field is configured to Subnet, enter the subnet of the LAN behind the IPSec router.
Address Information
WAN Interface: The interface used to connect to the internet.
My IP Address: My IP Address only shows the IP of the selected interface. There is no need to modify this information.
Secure Gateway Address: Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection.
If you are not sure of this information you can leave it blank, but do not use 0.0.0.0.
Local ID: Select IP to identify this ZyXEL Device by its IP address. Select DNS to identify this ZyXEL Device by a domain name. Select E-mail to identify this ZyXEL Device by an e-mail address.
Content: When you select IP in the Local ID Type field, type the IP address of your computer in the local Content field. The ZyXEL Device automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local Content field or use the DNS or E-mail ID type in the following situations:
When there is a NAT router between the two IPSec routers.
When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses.
When you select DNS or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this ZyXEL Device in the local Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.
Remote ID: Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address.
Content: The configuration of the peer content depends on the peer ID type.
For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL Device will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).
For DNS or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.
It is recommended that you type an IP address other than 0.0.0.0 or use the DNS or E-mail ID type in the following situations:
When there is a NAT router between the two IPSec routers.
When you want the ZyXEL Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses.
Security Protocol
Pre-Shared Key: Click the button to use a pre-shared key for authentication, and type in your pre-shared key. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal and "0123456789ABCDEF" is the key itself.
Both ends of the VPN tunnel must use the same pre-shared key. You will receive a "PYLD_MALFORMED" (payload malformed) packet if the same pre-shared key is not used on both ends.
Certificate: Click the button to use a certificate for authentication. Select the certificate you want to use from the list. You can create, import and configure certificates in the Security > Certificates screens.
Advanced Setup: Click Advanced Setup to configure more detailed settings of your IKE key management.
Apply: Click Apply to save your changes back to the ZyXEL Device.
Back: Click Back to return to the previous screen.
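The pre-shared key format rule and the rule that two active SAs cannot share both local and remote addresses can be checked on a planned set of tunnel policies before they are typed into the device. This is an added example, not code from the guide or from ZyXEL; the policy dictionary layout, the function names and the sample values are assumptions made for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Digits after the "0x" prefix. The guide lists "0-9", "A-F" only; it does not
# say how lowercase hex is handled, so this check flags it (assumption).
HEX_KEY = re.compile(r"[0-9A-F]{16,62}")

def check_psk(key):
    """Return None if the key fits the guide's format rule, else a reason."""
    if key.startswith("0x"):
        if HEX_KEY.fullmatch(key[2:]):
            return None
        return "hex key needs 16 to 62 characters from 0-9, A-F after 0x"
    if not all(32 <= ord(c) <= 126 for c in key):
        return "key contains non-ASCII or control characters"
    if not 8 <= len(key) <= 31:
        return "ASCII key must be 8 to 31 characters"
    return None

def selector(addr_type, start, mask=None):
    """Normalise a Single or Subnet address setting to a network object."""
    if addr_type == "Single":
        return ipaddress.ip_network(start)
    # strict=False: any address on the LAN plus a mask names the same subnet.
    return ipaddress.ip_network(f"{start}/{mask}", strict=False)

def check_policies(policies):
    """Return (policy name, reason) pairs for every rule violation found."""
    findings = [(p["name"], check_psk(p["psk"]))
                for p in policies if check_psk(p["psk"])]
    active = [p for p in policies if p["active"]]
    for a, b in combinations(active, 2):
        if (selector(*a["local"]) == selector(*b["local"])
                and selector(*a["remote"]) == selector(*b["remote"])):
            findings.append((f'{a["name"]}/{b["name"]}',
                             "active SAs share local and remote addresses"))
    return findings

# Constructed sample policies; the first key is the guide's own format example.
SAMPLE = [
    {"name": "hq", "active": True, "psk": "0x0123456789ABCDEF",
     "local": ("Subnet", "192.168.1.0", "255.255.255.0"),
     "remote": ("Subnet", "10.0.0.0", "255.255.255.0")},
    {"name": "hq-backup", "active": True, "psk": "short",
     "local": ("Subnet", "192.168.1.33", "255.255.255.0"),
     "remote": ("Subnet", "10.0.0.0", "255.255.255.0")},
    {"name": "laptop", "active": False, "psk": "correct horse battery",
     "local": ("Single", "192.168.1.5"), "remote": ("Single", "10.0.0.9")},
]
```

Calling `check_policies(SAMPLE)` reports the too-short key on `hq-backup` and the address clash between `hq` and `hq-backup`, whose Subnet entries differ as typed but name the same network.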
