ZyXEL Communications 2 Plus User Manual

Chapter 14 IPSec VPN
ZyWALL 2 Plus User’s Guide
14.6  IPSec SA Overview    
Once the ZyWALL and remote IPSec router have established the IKE SA, they can securely 
negotiate an IPSec SA through which to send data between computers on the networks.
Note: The IPSec SA stays connected even if the underlying IKE SA is not available anymore.
This section introduces the key components of an IPSec SA.
14.6.1  Local Network and Remote Network
In an IPSec SA, the local network consists of devices connected to the ZyWALL and may be 
called the local policy. Similarly, the remote network consists of the devices connected to the 
remote IPSec router and may be called the remote policy.
You can configure a remote network as 0.0.0.0 (any) when:
• Forwarding all outgoing traffic to the remote gateway.
• The remote network's addresses are unknown or there are many remote networks using 
one VPN rule (see 
 for an example of telecommuters sharing 
one VPN rule).
Note: It is not recommended to set a VPN rule’s local and remote network settings both to 0.0.0.0 (any).
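The following added example (not from the ZyXEL manual or firmware) models local and remote network policies as traffic selectors and flags any rule that sets both sides to 0.0.0.0 (any). The policy names, the sample addresses, the CIDR notation for subnets and the first-match evaluation order are assumptions made for illustration.

```python
import ipaddress

ANY = "0.0.0.0"  # the manual's "any" value

def parse_selector(spec):
    """Return (first, last) as integers for a single address, an 'a-b'
    range, a CIDR subnet (assumed notation), or 0.0.0.0 (any)."""
    spec = spec.strip()
    if spec == ANY:
        return 0, 2**32 - 1
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {spec}")
        return lo, hi
    net = ipaddress.IPv4Network(spec)  # a bare address parses as a /32
    return int(net.network_address), int(net.broadcast_address)

def covers(selector, addr):
    """True if addr falls inside the selector's address span."""
    lo, hi = parse_selector(selector)
    return lo <= int(ipaddress.IPv4Address(addr)) <= hi

def match_policy(policies, src, dst):
    """Name of the first policy (assumed first-match order) whose local
    network covers src and whose remote network covers dst, else None."""
    for p in policies:
        if covers(p["local"], src) and covers(p["remote"], dst):
            return p["name"]
    return None

def audit(policies):
    """Names of policies with both sides set to 0.0.0.0 (any)."""
    return [p["name"] for p in policies
            if p["local"].strip() == ANY and p["remote"].strip() == ANY]

# Constructed sample policies; names and addresses are illustrative only.
POLICIES = [
    {"name": "branch", "local": "192.168.1.0/24", "remote": "10.0.5.0/24"},
    {"name": "telecommuters", "local": "192.168.1.33-192.168.1.40", "remote": ANY},
    {"name": "wide-open", "local": ANY, "remote": ANY},
]

if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "10.0.5.7"), ("192.168.1.35", "203.0.113.9"),
                     ("192.168.1.10", "203.0.113.9")]:
        print(src, "->", dst, ":", match_policy(POLICIES, src, dst))
    print("both sides any:", audit(POLICIES))
```

In this model the "wide-open" policy selects every packet that no earlier policy claimed, which is why a rule with both sides set to any deserves review.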
Table 67   SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy (continued)
LABEL | DESCRIPTION
Associated Network Policies | The following table shows the policy(ies) you configure for this rule. To add a VPN policy, click the add network policy ( ) icon in the VPN Rules (IKE) screen (see ). Refer to for more information.
# | This field displays the policy index number.
Name | This field displays the policy name.
Local Network | This field displays one or a range of IP address(es) of the computer(s) behind the ZyWALL.
Remote Network | This field displays one or a range of IP address(es) of the remote network behind the remote IPSec router.
Apply | Click Apply to save your changes back to the ZyWALL.
Cancel | Click Cancel to exit this screen without saving.