ZyXEL Communications P-334U Personal Computer User Manual


 
P-334U/P-335U User’s Guide
Chapter 13 IPSec VPN 163
Remote Address End /Mask
When the remote IP address is a single address, type it a second time here.
When the remote IP address is a range, enter the end (static) IP address in a
range of computers on the network behind the remote IPSec router.
When the remote IP address is a subnet address, enter a subnet mask on the
network behind the remote IPSec router.
Remote Port Start
0 is the default and signifies any port. Type a port number from 0 to 65535. Some
of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,
SMTP; 110, POP3.
Remote Port End
Enter a port number in this field to define a port range. This port number must be
greater than that specified in the previous field. If Remote Port Start is left at 0,
Remote Port End will also remain at 0.
My IP Address
Enter the ZyXEL Device's static WAN IP address (if it has one) or leave the field
set to 0.0.0.0.
The ZyXEL Device uses its current WAN IP address (static or dynamic) in setting
up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes
down, the ZyXEL Device uses the dial backup IP address for the VPN tunnel when
using dial backup or the LAN IP address when using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have
configured (in the DDNS screen) to have the ZyXEL Device use that dynamic
domain name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Secure Gateway Address
Type the WAN IP address or the domain name (up to 31 characters) of the IPSec
router with which you're making the VPN connection. Set this field to 0.0.0.0 if the
remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode
field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address
field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between
rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field
and the LAN’s full IP address range as the local IP address, then you cannot
configure any other active rules with the Secure Gateway Address field set to
0.0.0.0.
Note: You can also enter a remote secure gateway’s domain name in the
Secure Gateway Address field if the remote secure gateway has a dynamic
WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN
tunnel each time the remote secure gateway’s WAN IP address changes (there
may be a delay until the DDNS servers are updated with the remote gateway’s
new WAN IP address).
SPI
Type a unique SPI (Security Parameter Index) from one to four characters long.
Valid characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Encapsulation Mode
Select Tunnel mode or Transport mode from the drop-down list box.
Enable Replay Detection
As a VPN setup is processing intensive, the system is vulnerable to Denial of
Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate
packets to protect against replay attacks. Select YES from the drop-down menu to
enable replay detection, or select NO to disable it.
Table 54 Security > VPN > Rule Setup: Manual (continued)
LABEL DESCRIPTION
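
The overlap restriction described under Secure Gateway Address can be checked on paper before rules are entered. The following Python sketch is an added example, not ZyXEL code; the rule dictionary layout, the use of the single/range/subnet address types for local addresses, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

def local_span(kind, start, end_or_mask):
    """Return (first, last) as integers for a rule's local address setting.
    kind is 'single', 'range' or 'subnet' (assumed names for the address types)."""
    first = ipaddress.IPv4Address(start)
    if kind == "single":
        return int(first), int(first)
    if kind == "range":
        last = ipaddress.IPv4Address(end_or_mask)
        if last < first:
            raise ValueError(f"range end {last} is below start {first}")
        return int(first), int(last)
    if kind == "subnet":
        net = ipaddress.IPv4Network(f"{start}/{end_or_mask}", strict=False)
        return int(net.network_address), int(net.broadcast_address)
    raise ValueError(f"unknown address type: {kind}")

def find_conflicts(rules):
    """Return (name_a, name_b) pairs of active rules that both use secure
    gateway 0.0.0.0 and whose local address ranges overlap."""
    dynamic = [
        (r["name"], local_span(*r["local"]))
        for r in rules
        if r["active"] and r["secure_gateway"] == "0.0.0.0"
    ]
    conflicts = []
    for (na, (a0, a1)), (nb, (b0, b1)) in combinations(dynamic, 2):
        if a0 <= b1 and b0 <= a1:  # closed intervals intersect
            conflicts.append((na, nb))
    return conflicts

# Constructed sample rule set (names and addresses are illustrative only).
# "branch-b" covers a whole LAN subnet, so it blocks any other 0.0.0.0 rule
# whose local addresses fall inside that subnet.
RULES = [
    {"name": "branch-a", "active": True, "secure_gateway": "0.0.0.0", "local": ("range", "192.168.1.10", "192.168.1.50")},
    {"name": "branch-b", "active": True, "secure_gateway": "0.0.0.0", "local": ("subnet", "192.168.1.0", "255.255.255.0")},
    {"name": "branch-c", "active": True, "secure_gateway": "0.0.0.0", "local": ("single", "192.168.2.5", "192.168.2.5")},
    {"name": "hq", "active": True, "secure_gateway": "203.0.113.7", "local": ("subnet", "192.168.1.0", "255.255.255.0")},
    {"name": "old", "active": False, "secure_gateway": "0.0.0.0", "local": ("subnet", "192.168.1.0", "255.255.255.0")},
]

if __name__ == "__main__":
    for a, b in find_conflicts(RULES):
        print(f"conflict: {a} and {b} use 0.0.0.0 with overlapping local addresses")
```

Rules with a fixed secure gateway address and inactive rules are ignored, since the restriction applies only to active rules with 0.0.0.0.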