ZyXEL Communications VSG1432-B101 Series User Manual
Chapter 21 IPSec
VSG1432-B101 Series User’s Guide
255
Tunnel access
from local IP
addresses
from local IP
addresses
Specify the IP addresses of the devices behind the ZyXEL Device that
can use the VPN tunnel. The local IP addresses must correspond to the
remote IPSec router's configured remote IP addresses.
can use the VPN tunnel. The local IP addresses must correspond to the
remote IPSec router's configured remote IP addresses.
Two active SAs cannot have the local and remote IP address(es) both
the same. Two active SAs can have the same local or remote IP
address, but not both. You can configure multiple SAs between the
same local and remote IP addresses, as long as only one is active at
any time.
the same. Two active SAs can have the same local or remote IP
address, but not both. You can configure multiple SAs between the
same local and remote IP addresses, as long as only one is active at
any time.
Use the drop-down list box to choose Single Address or Subnet.
Select Single Address for a single IP address. Select Subnet to
specify IP addresses on a network by their subnet mask.
Select Single Address for a single IP address. Select Subnet to
specify IP addresses on a network by their subnet mask.
IP Address
for VPN
When the local IP address type is configured to Single Address, enter
a (static) IP address on the LAN behind your ZyXEL Device.
a (static) IP address on the LAN behind your ZyXEL Device.
When the local IP address type is configured to Subnet, enter a
(static) IP address on the LAN behind your ZyXEL Device.
(static) IP address on the LAN behind your ZyXEL Device.
IP
Subnetmask
When the local IP address type is configured to Single Address, this
field is not available.
field is not available.
When the local IP address type is configured to Subnet, enter a subnet
mask on the LAN behind your ZyXEL Device.
mask on the LAN behind your ZyXEL Device.
Tunnel access
from remote IP
addresses
from remote IP
addresses
Specify the IP addresses of the devices behind the remote IPSec router
that can use the VPN tunnel. The remote IP addresses must correspond
to the remote IPSec router's configured local IP addresses.
that can use the VPN tunnel. The remote IP addresses must correspond
to the remote IPSec router's configured local IP addresses.
Two active SAs cannot have the local and remote IP address(es) both
the same. Two active SAs can have the same local or remote IP
address, but not both. You can configure multiple SAs between the
same local and remote IP addresses, as long as only one is active at
any time.
the same. Two active SAs can have the same local or remote IP
address, but not both. You can configure multiple SAs between the
same local and remote IP addresses, as long as only one is active at
any time.
Use the drop-down list box to choose Single Address or Subnet.
Select Single Address with a single IP address. Select Subnet to
specify IP addresses on a network by their subnet mask.
Select Single Address with a single IP address. Select Subnet to
specify IP addresses on a network by their subnet mask.
IP Address
for VPN
When the remote IP address type is configured to Single Address,
enter a (static) IP address on the network behind the remote IPSec
router.
enter a (static) IP address on the network behind the remote IPSec
router.
When the remote IP address type is configured to Subnet, enter a
(static) IP address on the network behind the remote IPSec router.
(static) IP address on the network behind the remote IPSec router.
IP
Subnetmask
When the remote IP address type is configured to Single Address,
this field is not available.
this field is not available.
When the remote IP address type is configured to Subnet, enter a
subnet mask on the network behind the remote IPSec router.
subnet mask on the network behind the remote IPSec router.
Protocol
This field displays ESP and the ZyXEL Device uses ESP (Encapsulation
Security Payload) for VPN. The ESP protocol (RFC 2406) provides
encryption as well as some of the services offered by AH.
Security Payload) for VPN. The ESP protocol (RFC 2406) provides
encryption as well as some of the services offered by AH.
Key Exchange
Method
Method
Select Auto(IKE) or Manual from the drop-down list box. Auto(IKE)
provides more protection so it is generally recommended. Manual is a
useful option for troubleshooting if you have problems using
Auto(IKE) key management.
provides more protection so it is generally recommended. Manual is a
useful option for troubleshooting if you have problems using
Auto(IKE) key management.
Table 88 IPSec Settings > Add/Edit: Manual
LABEL
DESCRIPTION