ZyXEL Communications 100 Series User Manual

 Chapter 4 Wizard Setup
ZyWALL USG 100/200 Series User’s Guide
4.8.7  VPN Advanced Wizard - Phase 2 
Active Protocol: ESP is compatible with NAT, AH is not.
Encapsulation: Tunnel is compatible with NAT, Transport is not.
Proposal: 3DES and AES use encryption. The longer the AES key, the higher the security 
(this may affect throughput). Null uses no encryption.
Local Policy (IP/Mask): Type the IP address of a computer on your network. You can also 
specify a subnet. This must match the remote IP address configured on the peer IPSec device.
Incoming Interface: The peer IPSec device connects to the ZyWALL via this interface. 
Remote Policy (IP/Mask): Type the IP address of a computer behind the peer IPSec device. 
You can also specify a subnet. This must match the local IP address configured on the peer 
IPSec device.
Nailed-Up: Select this to have the ZyWALL automatically renegotiate the IPSec SA when the 
SA life time expires.
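The constraints in the field descriptions above can be checked before both ends are configured. The following is an added example, not part of the ZyXEL manual or the ZyWALL firmware; the Phase2 class, the check_phase2 function and the behind_nat flag are hypothetical names, and the addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Phase2:
    """One side's phase 2 settings, named after the wizard fields."""
    active_protocol: str      # "ESP" or "AH"
    encapsulation: str        # "Tunnel" or "Transport"
    proposal: str             # e.g. "3DES", "AES128", "AES256" or "Null"
    local_policy: str         # IP or IP/Mask, e.g. "192.168.1.0/255.255.255.0"
    remote_policy: str        # IP or IP/Mask behind the peer
    behind_nat: bool = False  # assumption: the operator knows NAT is in the path


def _net(policy):
    # A bare IP becomes a /32; prefix length and dotted masks are both accepted.
    return ipaddress.ip_network(policy, strict=False)


def check_phase2(local, peer):
    """Return a list of findings for a pair of phase 2 configurations."""
    findings = []
    # Each side's local policy must equal the other side's remote policy.
    if _net(local.local_policy) != _net(peer.remote_policy):
        findings.append("local policy does not match the peer's remote policy")
    if _net(local.remote_policy) != _net(peer.local_policy):
        findings.append("remote policy does not match the peer's local policy")
    for name, side in (("local", local), ("peer", peer)):
        if side.behind_nat and side.active_protocol.upper() == "AH":
            findings.append(f"{name}: AH is not compatible with NAT")
        if side.behind_nat and side.encapsulation.lower() == "transport":
            findings.append(f"{name}: Transport is not compatible with NAT")
        if side.proposal.lower() == "null":
            findings.append(f"{name}: Null proposal, traffic is not encrypted")
    return findings


if __name__ == "__main__":
    # Constructed sample: the peer is behind NAT and misconfigured.
    here = Phase2("ESP", "Tunnel", "AES256", "192.168.1.0/24", "10.0.0.0/24")
    there = Phase2("AH", "Transport", "Null", "10.0.0.0/24",
                   "192.168.2.0/24", behind_nat=True)
    for finding in check_phase2(here, there):
        print(finding)
```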
This read-only screen shows the status of the current VPN setting. Use the summary table to 
check whether what you have configured is correct.
Figure 42   VPN Advanced Wizard: Step 5
The following table describes the labels in this screen.
Table 21   VPN Advanced Wizard: Step 5
LABEL: DESCRIPTION
Summary
Name: This is the name of the VPN connection (and VPN gateway).
Secure Gateway: This is the WAN IP address or domain name of the remote IPSec router. If this field displays 0.0.0.0, only the remote IPSec router can initiate the VPN connection.
Pre-Shared Key: This is a pre-shared key identifying a communicating party during a phase 1 IKE negotiation.
Local Policy: This is a (static) IP address and Subnet Mask on the LAN behind your ZyWALL.