Filter
Top Products
P-334U/P-335U User’s Guide
Chapter 13 IPSec VPN 157
My IP Address Enter the ZyXEL Device's static WAN IP address (if it has one) or leave the field
set to 0.0.0.0.
The ZyXEL Device uses its current WAN IP address (static or dynamic) in
setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN
connection goes down, the ZyXEL Device uses the dial backup IP address for
the VPN tunnel when using dial backup or the LAN IP address when using
traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have
configured (in the DDNS screen) to have the ZyXEL Device use that dynamic
domain name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Local ID Type Select IP to identify this ZyXEL Device by its IP address.
Select DNS to identify this ZyXEL Device by a domain name.
Select E-mail to identify this ZyXEL Device by an e-mail address.
Local Content When you select IP in the Local ID Type field, type the IP address of your
computer in the Local Content field. The ZyXEL Device automatically uses the
IP address in the My IP Address field (refer to the My IP Address field
description) if you configure the Local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the Local
Content field or use the Domain Name or E-mail ID type in the following
situations.
• When there is a NAT router between the two IPSec routers.
• When you want the remote IPSec router to be able to distinguish between
VPN connection requests that come in from IPSec routers with dynamic
WAN IP addresses.
When you select Domain Name or E-mail in the Local ID Type field, type a
domain name or e-mail address by which to identify this ZyXEL Device in the
Local Content field. Use up to 31 ASCII characters including spaces, although
trailing spaces are truncated. The domain name or e-mail address is for
identification purposes only and can be any string.
Secure Gateway
Address
Type the WAN IP address or the domain name (up to 31 characters) of the
IPSec router with which you're making the VPN connection. Set this field to
0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec
Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address
field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between
rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address
field and the LAN’s full IP address range as the local IP address, then you
cannot configure any other active rules with the Secure Gateway Address field
set to 0.0.0.0.
Note: You can also enter a remote secure gateway’s domain
name in the Secure Gateway Address field if the remote
secure gateway has a dynamic WAN IP address and is
using DDNS. The ZyXEL Device has to rebuild the VPN
tunnel each time the remote secure gateway’s WAN IP
address changes (there may be a delay until the DDNS
servers are updated with the remote gateway’s new WAN
IP address).
Peer ID Type Select IP to identify the remote IPSec router by its IP address.
Select DNS to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.
Table 53 Security > VPN > Rule Setup: IKE (Advanced) (continued)
LABEL DESCRIPTION