ZyXEL p-2802h-i1 Guía Del Usuario
Chapter 14 VPN Screens
P-2802H(W)(L)-I Series User’s Guide
197
Content
The configuration of the peer content depends on the peer ID type.
For IP, type the IP address of the computer with which you will make the VPN
For IP, type the IP address of the computer with which you will make the VPN
connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL
Device will use the address in the Secure Gateway Address field (refer to the
Secure Gateway Address field description).
For DNS or E-mail, type a domain name or e-mail address by which to identify
For DNS or E-mail, type a domain name or e-mail address by which to identify
the remote IPSec router. Use up to 31 ASCII characters including spaces,
although trailing spaces are truncated. The domain name or e-mail address is for
identification purposes only and can be any string.
It is recommended that you type an IP address other than 0.0.0.0 or use the DNS
It is recommended that you type an IP address other than 0.0.0.0 or use the DNS
or E-mail ID type in the following situations:
When there is a NAT router between the two IPSec routers.
When you want the ZyXEL Device to distinguish between VPN connection
When there is a NAT router between the two IPSec routers.
When you want the ZyXEL Device to distinguish between VPN connection
requests that come in from remote IPSec routers with dynamic WAN IP
addresses.
Secure Gateway
Address
Type the WAN IP address or the URL (up to 31 characters) of the IPSec router
with which you're making the VPN connection. Set this field to 0.0.0.0 if the
remote IPSec router has a dynamic WAN IP address (the Key Management field
must be set to IKE).
In order to have more than one active rule with the Secure Gateway Address
In order to have more than one active rule with the Secure Gateway Address
field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between
rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field
If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field
and the LAN’s full IP address range as the local IP address, then you cannot
configure any other active rules with the Secure Gateway Address field set to
0.0.0.0.
Security Protocol
VPN Protocol
Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP
protocol (RFC 2406) provides encryption as well as some of the services offered
by AH. If you select ESP here, you must select options from the Encryption
Algorithm and Authentication Algorithm fields (described below).
Pre-Shared Key
Click the button to use a pre-shared key for authentication, and type in your pre-
shared key. A pre-shared key identifies a communicating party during a phase 1
IKE negotiation. It is called "pre-shared" because you have to share it with
another party before you can communicate with them over a secure connection.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal
("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x” (zero
x), which is not counted as part of the 16 to 62 character range for the key. For
example, in "0x0123456789ABCDEF", “0x” denotes that the key is hexadecimal
and “0123456789ABCDEF” is the key itself.
Both ends of the VPN tunnel must use the same pre-shared key. You will receive
Both ends of the VPN tunnel must use the same pre-shared key. You will receive
a “PYLD_MALFORMED” (payload malformed) packet if the same pre-shared key
is not used on both ends.
Certificate
Click the button to use a certificate for authentication. Select the certificate you
want to use from the list. You can create, import and configure certificates in the
Security > Certificates screens, or click the My Certificates link.
My Certificates
Click this to go to the Security > Certificates > My Certificates screen. If you do
not click Apply first, your VPN settings will not be saved.
Table 77 VPN Setup; Edit
LABEL
DESCRIPTION