ZyWALL 2
36
Remote:
Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The
remote fields do not apply when the
Secure Gateway Address
field is configured to
0.0.0.0
. In this case only the remote
IPSec router can initiate the VPN.
Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local
or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as
long as only one is active at any time.
Address Type
Use the drop-down menu to choose
Single Address
,
Range Address
, or
Subnet Address
. Select
Single Address
with a single IP address. Select
Range Address
for a specific range of IP
addresses. Select
Subnet Address
to specify IP addresses on a network by their subnet mask.
Starting IP Address
When the
Address Type
field is configured to
Single Address
, enter a (static) IP address on the
network behind the remote IPSec router. When the Addr Type field is configured to
Range Address
,
enter the beginning (static) IP address, in a range of computers on the network behind the remote
IPSec router. When the
Address Type
field is configured to
Subnet Address
, enter a (static) IP
address on the network behind the remote IPSec router.
Ending IP Address/
Subnet Mask
When the
Address Type
field is configured to
Single Address
, this field is N/A. When the
Address
Type
field is configured to
Range Address
, enter the end (static) IP address, in a range of computers
on the network behind the remote IPSec router. When the
Address Type
field is configured to
Subnet Address
, enter a subnet mask on the network behind the remote IPSec router.
DNS Server (for
IPSec VPN)
If there is a private DNS server that services the VPN, type its IP address here. The ZyWALL assigns
this additional DNS server to the ZyWALL's DHCP clients that have IP addresses in this IPSec rule's
range of local addresses.
A DNS server allows clients on the VPN to find other computers and servers on the VPN by their
(private) domain names.
Authentication Key
Pre-Shared Key
Select the
Pre-Shared Key
radio button and type your pre-shared key in this field. A pre-shared key
identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because
you have to share it with another party before you can communicate with them over a secure
connection.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F")
characters. You must precede a hexadecimal key with a "0x” (zero x), which is not counted as part of
the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", “0x” denotes that
the key is hexadecimal and “0123456789ABCDEF” is the key itself.
Both ends of the VPN tunnel must use the same pre-shared key. You will receive a
“PYLD_MALFORMED” (payload malformed) packet if the same pre-shared key is not used on both
ends.