Filter
Top Products
Chapter 14 IPSec VPN
ZyWALL 2 Plus User’s Guide
237
You can usually provide a static IP address or a domain name for the ZyWALL. Sometimes,
your ZyWALL might also offer another alternative, such as using the IP address of a port or
interface.
You can usually provide a static IP address or a domain name for the remote IPSec router as
well. Sometimes, you might not know the IP address of the remote IPSec router (for example,
telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router
can initiate an IKE SA.
14.2 VPN Rules (IKE)
A VPN (Virtual Private Network) tunnel gives you a secure connection to another computer or
network.
• A gateway policy contains the IKE SA settings. It identifies the IPSec routers at either end
of a VPN tunnel.
• A network policy contains the IPSec SA settings. It specifies which devices (behind the
IPSec routers) can use the VPN tunnel.
Figure 156 Gateway and Network Policies
This figure helps explain the main fields in the VPN setup.
Figure 157 IPSec Fields Summary
Click SECURITY > VPN to display the VPN Rules (IKE) screen. Use this screen to manage
the ZyWALL’s list of VPN rules (tunnels) that use IKE SAs.