52

2.

Configure PPTP Settings following the instructions below.

L2TP

Choose Enable/Disable to enable/disable L2TP.

MTU

Enter MTU value. The default value is 1482 bytes.

VPN Start IP Address

Enter the VPN start IP address. The default value is 192.168.39.1.

Max VPN Clients

Enter the max VPN clients.

Auto DNS

Choose Enable/Disable to enable/disable Auto DNS.

DNS

Enter DNS server if you choose Disable for Auto DNS.

CHAP Enable

Choose Enable/Disable to enable/disable CHAP for VPN authentication.

Proxy ARP Enable

Choose Enable/Disable to enable/disable Proxy ARP.

NAT Enable

Choose Enable/Disable to enable/disable NAT.

7.7.2

Add VPN / L2TP Rule

3.

Click on [Add] tab. You will see the following screen.

4.

Configure [Add PPTP] Settings following the instructions below.

Sequence Number

This defines the sequence of the PPTP rules.

Rule Enable

Enable/Disable this PPTP rule

User Name

Enter PPTP user name.

Password

Enter PPTP password.

53

7.8

VPN / IPsec SETUP

7.8.1

VPN / IPsec Settings

1.

Click on [Security]

–

[VPN / IPsec] tab. You will see the following screen.

2.

Configure IPsec Settings following the instructions below.

IPsec

Select Enable/Disable to enable/disable IPsec.

54

7.8.2

Add VPN / IPsec Rule

1.

Click on [Add] tab. You will see the following screen.

55

2.

Configure [Add - IPsec] Settings following the instructions below.

Sequence Number

This defines the sequence of the IPsec rules.

Connection Name

Name of the IPsec rule.

Rule Enable

Enable/Disable this IPsec rule

VPN Mode

Net-to-Net or Road Warrior

Local External Interface

Select the external WAN for the local VPN gateway.

Local Internal IP Address

Select the subnet IP address for the VPN gateway.

Local Netmask

Select the netmask for the local VPN gateway.

Remote Gateway

Enter the IP address or domain name of the remote VPN gateway. This option is

needed in Net-to-Net mode.

Remote Subnet IP

Enter the subnet IP address of the remote VPN gateway. This option is needed in

Net-to-Net mode.

Remote Netmask

Enter the subnet netmask of the remote VPN gateway. This option is needed in

Net-to-Net mode.

Connection Initiation

Check the local VPN gateway to initiate the connection. This option is needed in

Net-to-Net mode.

IKE Key Mode

PSK.

Preshared Key

Enter the preshared key. The key should be at least 8-digit ASCII string.

L2TP Enable

Check the local VPN gateway to enable L2TP. This option is needed in Road

Warrior mode.

Advanced Options

Check it if you need to configure the advanced options.

Phase 1 Mode

Main.

Phase 1 ID

Enter the phase 1 ID.

Phase 1 Lifetime

Enter the phase 1 lifetime. This value is between 3600 and 28800 seconds.

Phase 2 Lifetime

Enter the phase 2 lifetime. This value is between 3600 and 28800 seconds.

Phase 1 Authentication

Select the phase 1 authentication as MD5 or SHA1. (SHA1 recommended)

Phase I Encryption

Select the phase 1 encryption as DES, 3DES or AES. (AES recommended)

Phase 1 Group Key

Management

Select the phase 1 group key management as DH1, DH2 or DH5.

Phase 2 Authentication

Select the phase 2 authentication as MD5 or SHA1. (SHA1 recommended)

Phase 2 Encryption

Select the phase 2 encryption as DES, 3DES or AES. (AES recommended)

Phase 2 Group Key

Management

Select the phase 2 group key management as DH1, DH2 or DH5.

56

CHAPTER8 APPLICATIONS SETTINGS

8.1

PORT RANGE FORWARD SETUP

By activating the port range forwarding function, remote users can access the local network via the public IP address.

Users can assign a specific external port range to a local server. Furthermore, users can specify an internal port range

associated in a port range forwarding rule. When the ZyXEL VFG6005 Series VPN Firewall Gateway receives an external

request to access any one of the configured external ports, it will redirect the request to the corresponding internal server

and change its destination port to one of the internal ports specified. Therefore, if users do not wish for destination port to

be changed for a request, the internal port range should be left empty.

Certain applications in a LAN are available only after activating the port range forwarding, including servers and online

gaming. When an Internet request wants to access a port, the ZyXEL VFG6005 Series VPN Firewall Gateway will dispatch

it to the IP specified. Due to security reasons, users are suggested to limit the use of port range forwarding, and cancel it

when the application is not used.

By enabling DMZ Host Function, you can set up a DMZ host at a particular computer exposed to the Internet. In this way,

some applications, especially online games (if the traffic port numbers of the applications are always changing), can be

easily accessed.