ZyXEL Communications wireless n gigabit router zyxel User Manual

 Chapter 15 IPSec VPN
NBG-460N User’s Guide
Secure Gateway Address
Type the WAN IP address or the domain name (up to 31 characters) of
the IPSec router with which you're making the VPN connection. Set this
field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP
address (the IPSec Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway
Address field and the LAN’s full IP address range as the local IP
address, then you cannot configure any other active rules with the
Secure Gateway Address field set to 0.0.0.0.
Note: You can also enter a remote secure gateway’s domain name
in the Secure Gateway Address field if the remote secure
gateway has a dynamic WAN IP address and is using DDNS.
The NBG-460N has to rebuild the VPN tunnel each time the
remote secure gateway’s WAN IP address changes (there
may be a delay until the DDNS servers are updated with the
remote gateway’s new WAN IP address).
SPI
Type a unique SPI (Security Parameter Index) from one to four
characters long. Valid characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Encapsulation Mode
Select Tunnel mode or Transport mode from the drop-down list box.
Enable Replay Detection
As a VPN setup is processing intensive, the system is vulnerable to
Denial of Service (DoS) attacks. The IPSec receiver can detect and reject
old or duplicate packets to protect against replay attacks. Select Yes
from the drop-down menu to enable replay detection, or select No to
disable it.
IPSec Protocol
Select the security protocols used for an SA.
Both AH and ESP increase processing requirements and
communications latency (delay).
If you select ESP here, you must select options from the Encryption
Algorithm and Authentication Algorithm fields (described below).
Encryption Algorithm
Select which key size and encryption algorithm to use in the IKE SA.
Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG-460N and the remote IPSec router must use the same
algorithms and keys. Longer keys require more processing power,
resulting in increased latency and decreased throughput.
Encryption Key
This field is applicable when you select ESP in the IPSec Protocol field
above.
With DES, type a unique key 8 characters long. With 3DES, type a
unique key 24 characters long. Any characters may be used, including
spaces, but trailing spaces are truncated.
Table 70   Security > VPN > General > Rule Setup: Manual (continued)
LABEL
DESCRIPTION
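
A check of a rule set against the Secure Gateway Address, SPI and Encryption Key constraints in this table, as an added example that is not from the ZyXEL manual or firmware. The dictionary layout and field names (`keying`, `gateway`, `local_start`, `enc_key` and so on) are assumptions, and the sample rules are constructed.

```python
import ipaddress
import re
from itertools import combinations

KEY_CHARS = {"DES": 8, "3DES": 24}  # key lengths in characters, from the table

def _span(rule):
    """Local address range of a rule as a pair of integers (hypothetical fields)."""
    return tuple(int(ipaddress.IPv4Address(rule[k])) for k in ("local_start", "local_end"))

def check_rules(rules):
    """Return (rule name, problem) pairs for the active rules."""
    problems = []
    active = [r for r in rules if r["active"]]
    for r in active:
        if r["gateway"] == "0.0.0.0" and r["keying"] != "IKE":
            problems.append((r["name"], "0.0.0.0 gateway requires IKE keying mode"))
        if r["keying"] != "Manual":
            continue  # the SPI and key fields below belong to manual rules
        if not re.fullmatch(r"[0-9]{1,4}", r["spi"]):
            problems.append((r["name"], "SPI must be one to four digits"))
        if r["protocol"] == "ESP":
            kept = r["enc_key"].rstrip(" ")  # trailing spaces are truncated
            need = KEY_CHARS[r["enc_alg"]]
            if len(kept) != need:
                problems.append((r["name"], f"{r['enc_alg']} key keeps {len(kept)} of {need} characters"))
    # Active rules with a 0.0.0.0 gateway may not share any local address.
    dynamic = [r for r in active if r["gateway"] == "0.0.0.0"]
    for a, b in combinations(dynamic, 2):
        (a_lo, a_hi), (b_lo, b_hi) = _span(a), _span(b)
        if a_lo <= b_hi and b_lo <= a_hi:
            problems.append((b["name"], f"local range overlaps {a['name']}"))
    return problems

SAMPLE_RULES = [  # constructed sample rules; every value is made up
    {"name": "branch-a", "active": True, "keying": "IKE", "gateway": "0.0.0.0",
     "local_start": "192.168.1.33", "local_end": "192.168.1.64"},
    {"name": "branch-b", "active": True, "keying": "IKE", "gateway": "0.0.0.0",
     "local_start": "192.168.1.60", "local_end": "192.168.1.90"},
    {"name": "site-c", "active": True, "keying": "Manual", "gateway": "203.0.113.10",
     "local_start": "192.168.1.1", "local_end": "192.168.1.32", "spi": "12a4",
     "protocol": "ESP", "enc_alg": "3DES", "enc_key": "twenty-two-characters!" + "  "},
]

if __name__ == "__main__":
    for name, problem in check_rules(SAMPLE_RULES):
        print(f"{name}: {problem}")
```

The `site-c` key is 24 characters as typed, but only 22 remain once the two trailing spaces are truncated, so it no longer meets the 3DES length.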