Support User Manuals

ZyXEL Communications ZyWALL 2 Series Network Card User Manual

Open as PDF

of 614

ZyWALL 2 Series User’s Guide

VPN Screens 14-31

Table 14-9 VPN Manual Setup

LABEL DESCRIPTION

Remote:

Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP

addresses.

Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have

the same local or remote IP address, but not both. You can configure multiple SAs between the same local

and remote IP addresses, as long as only one is active at any time.

Address Type

Use the drop-down list box to choose Single Address, Range Address, or Subnet

Address. Select Single Address with a single IP address. Select Range Address

for a specific range of IP addresses. Select Subnet Address to specify IP addresses

on a network by their subnet mask.

Starting IP

Address

When the Address Type field is configured to Single Address, enter a (static) IP

address on the network behind the remote IPSec router. When the Addr Type field is

configured to Range Address, enter the beginning (static) IP address, in a range of

computers on the network behind the remote IPSec router. When the Address Type

field is configured to Subnet Address, enter a (static) IP address on the network

behind the remote IPSec router.

Ending IP

Address/Subnet

Mask

When the Address Type field is configured to Single Address, this field is N/A.

When the Address Type field is configured to Range Address, enter the end (static)

IP address, in a range of computers on the network behind the remote IPSec router.

When the Address Type field is configured to Subnet Address, enter a subnet

mask on the network behind the remote IPSec router.

DNS Server (for

IPSec VPN)

If there is a private DNS server that services the VPN, type its IP address here. The

ZyWALL assigns this additional DNS server to the ZyWALL's DHCP clients that have

IP addresses in this IPSec rule's range of local addresses.

A DNS server allows clients on the VPN to find other computers and servers on the

VPN by their (private) domain names.

My IP Address Enter the WAN IP address of your ZyWALL. The VPN tunnel has to be rebuilt if this

IP address changes.

The following applies if this field is configured as 0.0.0.0:

 The ZyWALL uses the current ZyWALL WAN IP address (static or dynamic) to

set up the VPN tunnel.

 If the WAN connection goes down, the ZyWALL uses the dial backup IP

address for the VPN tunnel when using dial backup or the LAN IP address when

using traffic redirect. See the chapter on WAN for details on dial backup and

traffic redirect.

previous next