ZyXEL Communications 1000 Manual De Usuario
Chapter 25 IPSec VPN
ZyWALL USG 1000 User’s Guide
459
Each field is described in the following table.
Table 121 Configuration > VPN > IPSec VPN > VPN Gateway > Edit
LABEL
DESCRIPTION
Show Advance
Settings / Hide
Advance Settings
Settings / Hide
Advance Settings
Click this button to display a greater or lesser number of
configuration fields.
configuration fields.
General Settings
VPN Gateway
Name
Type the name used to identify this VPN gateway. You may use 1-31
alphanumeric characters, underscores(
alphanumeric characters, underscores(
_
), or dashes (-), but the first
character cannot be a number. This value is case-sensitive.
Gateway Settings
My Address
Select how the IP address of the ZyWALL in the IKE SA is defined.
If you select Interface, select the Ethernet interface, VLAN
interface, virtual Ethernet interface, virtual VLAN interface, PPPoE/
PPTP interface, or auxiliary interface. The IP address of the ZyWALL
in the IKE SA is the IP address of the interface.
interface, virtual Ethernet interface, virtual VLAN interface, PPPoE/
PPTP interface, or auxiliary interface. The IP address of the ZyWALL
in the IKE SA is the IP address of the interface.
If you select Domain Name / IP, enter the domain name or the IP
address of the ZyWALL. The IP address of the ZyWALL in the IKE SA
is the specified IP address or the IP address corresponding to the
domain name. 0.0.0.0 is invalid.
address of the ZyWALL. The IP address of the ZyWALL in the IKE SA
is the specified IP address or the IP address corresponding to the
domain name. 0.0.0.0 is invalid.
Peer Gateway
Address
Select how the IP address of the remote IPSec router in the IKE SA is
defined.
defined.
Select Static Address to enter the domain name or the IP address
of the remote IPSec router. You can provide a second IP address or
domain name for the ZyWALL to try if it cannot establish an IKE SA
with the first one.
of the remote IPSec router. You can provide a second IP address or
domain name for the ZyWALL to try if it cannot establish an IKE SA
with the first one.
Fall back to Primary Peer Gateway when possible: When
you select this, if the connection to the primary address goes
down and the ZyWALL changes to using the secondary
connection, the ZyWALL will reconnect to the primary address
when it becomes available again and stop using the secondary
connection. Users will lose their VPN connection briefly while the
ZyWALL changes back to the primary connection. To use this, the
peer device at the secondary address cannot be set to use a
nailed-up VPN connection. In the Fallback Check Interval field,
set how often to check if the primary address is available.
Select Dynamic Address if the remote IPSec router has a dynamic
IP address (and does not use DDNS).
IP address (and does not use DDNS).
Authentication
Note: The ZyWALL and remote IPSec router must use the
same authentication method to establish the IKE SA.