ZyXEL Communications 2602HWNLI-D7A Modem User Manual


 
Prestige 2602HWNLI-D7A Support Notes
All contents copyright (c) 2007 ZyXEL Communications Corporation.
211
VPN client: 10.1.33.33
NAT router WAN IP: 202.132.154.2
Prestige WAN: 202.132.154.3
Since the VPN client is behind a NAT router, it must have a private IP address in most case. This may
cause the VPN client to send it's private IP address as the content of it's phase 1 ID. So you have to
configure Prestige's secure gateway's phase 1 ID as the private IP address of the VPN client.
How can I keep a tunnel alive?
To keep a tunnel alive, you can check "keep alive" option when configuring your VPN tunnel. With this
option, whenever phase 2 SA lifetime is due, IKE negotiation procedure will be invoked automatically
even without traffic to make the connection stay.
But to reduce the consumption of system resource, if VPN tunnels get disconnected either manually, by
idle timer, or because of power cycle, packet triggering is still necessary to make the tunnel up.
Single, Range, Subnet, which types of IP address do Prestige 10/10II/10W/50/100 support
in VPN/IPSec?
The mentioned Prestige series support all of the types. In other words, you can specify a single PC, a
range of PCs or even a network of PCs to utilize the VPN/IPSec service.
Can Prestige support IPSec passthrough?
Yes, Prestige can support IPSec passthrough. Prestige series don't only support IPSec/VPN gateway, it
can also be a NAT router supporting IPSec passthrough.
If the VPN connection is initiated from the security gateway behind Prestige, no configuration is
necessary for NAT nor Firewall.
If the VPN connection is initiated from the security gateway outside of Prestige, NAT port forwarding
and Firewall forwarding are necessary.
To configure NAT port forwarding, please go to WEB interface, Setup/ "SUA/NAT", put the secure
gateway's IP address in default server.
To configure Firewall forwarding, please go to WEB interface, Setup/Firewall, select Packet Direction to
WAN to LAN, and create a firewall rule the forwards IKE(UDP:500).