ZyXEL 2WG Guía Del Usuario
Chapter 15 IPSec VPN Screens
ZyWALL 2WG User’s Guide
303
The following table describes the labels in this screen.
Table 85 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy
LABEL
DESCRIPTION
Property
Name
Type up to 32 characters to identify this VPN gateway policy. You may use any
character, including spaces, but the ZyWALL drops trailing spaces.
NAT Traversal
Select this check box to enable NAT traversal. NAT traversal allows you to set up
a VPN connection when there are NAT routers between the two IPSec routers.
Note: The remote IPSec router must also have NAT traversal
enabled. See
VPN, NAT, and NAT Traversal
for more
information.
You can use NAT traversal with ESP protocol using Transport or Tunnel mode,
but not with AH protocol nor with manual key management. In order for an IPSec
router behind a NAT router to receive an initiating IPSec packet, set the NAT
router to forward UDP ports 500 and 4500 to the IPSec router behind the NAT
router.
Gateway Policy
Information
My ZyWALL
When the ZyWALL is in router mode, this field identifies the WAN IP address or
domain name of the ZyWALL. You can select My Address and enter the
ZyWALL's static WAN IP address (if it has one) or leave the field set to 0.0.0.0.
The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the
The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the
VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down,
the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial
backup or the LAN IP address when using traffic redirect.
Otherwise, you can select My Domain Name and choose one of the dynamic
Otherwise, you can select My Domain Name and choose one of the dynamic
domain names that you have configured (in the DDNS screen) to have the
ZyWALL use that dynamic domain name's IP address.
When the ZyWALL is in bridge mode, this field is read-only and displays the
When the ZyWALL is in bridge mode, this field is read-only and displays the
ZyWALL’s IP address.
The VPN tunnel has to be rebuilt if the My ZyWALL IP address changes after
The VPN tunnel has to be rebuilt if the My ZyWALL IP address changes after
setup.
Primary Remote
Gateway
Type the WAN IP address or the domain name (up to 31 characters) of the IPSec
router with which you're making the VPN connection. Set this field to 0.0.0.0 if the
remote IPSec router has a dynamic WAN IP address.
In order to have more than one active rule with the Primary Remote Gateway
In order to have more than one active rule with the Primary Remote Gateway
field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between
rules.
If you configure an active rule with 0.0.0.0 in the Primary Remote Gateway field
If you configure an active rule with 0.0.0.0 in the Primary Remote Gateway field
and the LAN’s full IP address range as the local IP address, then you cannot
configure any other active rules with the Primary Remote Gateway field set to
0.0.0.0.
Enable IPSec High
Availability
Turn on the high availability feature to use a redundant (backup) VPN connection
to another WAN interface on the remote IPSec router if the primary (regular) VPN
connection goes down. The remote IPSec router must have a second WAN
connection in order for you to use this.
To use this, you must identify both the primary and the redundant remote IPSec
To use this, you must identify both the primary and the redundant remote IPSec
routers by WAN IP address or domain name (you cannot set either to 0.0.0.0).
Redundant
Remote Gateway
Type the WAN IP address or the domain name (up to 31 characters) of the
backup IPSec router to use when the ZyWALL cannot connect to the primary
remote gateway.