ZyXEL Communications wireless n gigbit router zyxel User Manual

Page of 384
Chapter 15 IPSec VPN
NBG-460N User’s Guide
216
Remote Policy
Remote IP addresses must be static and correspond to the remote 
IPSec router's configured local IP addresses. The remote fields do not 
apply when the Secure Gateway IP Address field is configured to 
0.0.0.0. In this case only the remote IPSec router can initiate the VPN.
Two active SAs cannot have the local and remote IP address(es) both 
the same. Two active SAs can have the same local or remote IP 
address, but not both. You can configure multiple SAs between the 
same local and remote IP addresses, as long as only one is active at any 
time.
Remote 
Address
For a single IP address, enter a (static) IP address on the network 
behind the remote IPSec router. 
For a specific range of IP addresses, enter the beginning (static) IP 
address, in a range of computers on the network behind the remote 
IPSec router. 
To specify IP addresses on a network by their subnet mask, enter a 
(static) IP address on the network behind the remote IPSec router. 
Remote 
Address End /
Mask
When the remote IP address is a single address, type it a second time 
here. 
When the remote IP address is a range, enter the end (static) IP 
address, in a range of computers on the network behind the remote 
IPSec router. 
When the remote IP address is a subnet address, enter a subnet mask 
on the network behind the remote IPSec router. 
Remote Port 
Start 
0 is the default and signifies any port. Type a port number from 0 to 
65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, 
Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Remote Port 
End 
Enter a port number in this field to define a port range. This port 
number must be greater than that specified in the previous field. If 
Remote Port Start is left at 0, Remote Port End will also remain at 0.
My IP Address 
Enter the NBG-460N's static WAN IP address (if it has one) or leave the 
field set to 0.0.0.0
The NBG-460N uses its current WAN IP address (static or dynamic) in 
setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN 
connection goes down, the NBG-460N uses the dial backup IP address 
for the VPN tunnel when using dial backup or the LAN IP address when 
using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you 
have configured (in the DDNS screen) to have the NBG-460N use that 
dynamic domain name's IP address. 
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Table 70   Security > VPN > General > Rule Setup: Manual (continued)
LABEL
DESCRIPTION