ZyXEL nbg-5715 Betriebsanweisung
Chapter 18 IPSec VPN
NBG5715 User’s Guide
137
Local Policy
Local IP addresses must be static and correspond to the remote IPSec router's
configured remote IP addresses.
configured remote IP addresses.
Two active SAs can have the same configured local or remote IP address, but not
both. You can configure multiple SAs between the same local and remote IP
addresses, as long as only one is active at any time.
both. You can configure multiple SAs between the same local and remote IP
addresses, as long as only one is active at any time.
In order to have more than one active rule with the Secure Gateway
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway
Address field and the LAN’s full IP address range as the local IP
address, then you cannot configure any other active rules with the
Secure Gateway Address field set to 0.0.0.0.
Local Address
For a single IP address, enter a (static) IP address on the LAN behind your
NBG5715.
NBG5715.
For a specific range of IP addresses, enter the beginning (static) IP address, in a
range of computers on your LAN behind your NBG5715.
range of computers on your LAN behind your NBG5715.
To specify IP addresses on a network by their subnet mask, enter a (static) IP
address on the LAN behind your NBG5715.
address on the LAN behind your NBG5715.
Local Address
End /Mask
End /Mask
When the local IP address is a single address, type it a second time here.
When the local IP address is a range, enter the end (static) IP address, in a
range of computers on the LAN behind your NBG5715.
range of computers on the LAN behind your NBG5715.
When the local IP address is a subnet address, enter a subnet mask on the LAN
behind your NBG5715.
behind your NBG5715.
Remote Policy
Remote IP addresses must be static and correspond to the remote IPSec router's
configured local IP addresses.
configured local IP addresses.
The remote fields do not apply when the
Secure Gateway IP Address field is configured to 0.0.0.0. In this
case only the remote IPSec router can initiate the VPN.
Two active SAs cannot have the local and remote IP address(es) both the same.
Two active SAs can have the same local or remote IP address, but not both. You
can configure multiple SAs between the same local and remote IP addresses, as
long as only one is active at any time.
Two active SAs can have the same local or remote IP address, but not both. You
can configure multiple SAs between the same local and remote IP addresses, as
long as only one is active at any time.
Remote Address
Start
Start
For a single IP address, enter a (static) IP address on the network behind the
remote IPSec router.
remote IPSec router.
For a specific range of IP addresses, enter the beginning (static) IP address, in a
range of computers on the network behind the remote IPSec router.
range of computers on the network behind the remote IPSec router.
To specify IP addresses on a network by their subnet mask, enter a (static) IP
address on the network behind the remote IPSec router.
address on the network behind the remote IPSec router.
Remote Address
End /Mask
End /Mask
When the remote IP address is a single address, type it a second time here.
When the remote IP address is a range, enter the end (static) IP address, in a
range of computers on the network behind the remote IPSec router.
range of computers on the network behind the remote IPSec router.
When the remote IP address is a subnet address, enter a subnet mask on the
network behind the remote IPSec router.
network behind the remote IPSec router.
Authentication Method
Table 55
Security > IPSec VPN > General > Edit: Manual
(continued)
LABEL
DESCRIPTION