ZyXEL Communications 202H Network Card User Manual


 
Prestige 202H User’s Guide
26-4 VPN/IPSec Setup
26.4.1 Dynamic Secure Gateway Address
If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as the
secure gateway’s address. In this case only the remote secure gateway can initiate SAs. This may be useful
for telecommuters initiating a VPN tunnel to the company network. See section 26.13 for configuration
examples.
The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE
key management and not Manual key management.
26.5 IPSec Summary
Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 — IPSec Summary. This is a summary
read-only menu of your IPSec rules (tunnels). Edit or create an IPSec rule by selecting an index number and
then configuring the associated submenus.
The following figure helps explain the main fields in menu 27.1.
Figure 26-3 IPSec Summary Fields Illustration
Local and remote IP addresses must be static. The VPN initiator local IP address range should be identical to
the peer remote IP address range. Similarly, the VPN initiator remote IP address range should be identical to
the peer local IP address range. If they are not, the connection will fail and this will display in the IPSec log
as a local or remote ID failure.