ZyXEL zywall 10 Manual

Doc.Ref tgbvpn_cg_ZyWall10_en
Doc.version

2.0 – Nov.2004

VPN version

2.5x

3 TheGreenBow IPSec VPN Client configuration

3.1 VPN Client Phase 1 (IKE) Configuration

In the "Interface" field, you can select a star ("*"), if the client host receive a dynamic IP Address from an ISP for
example.
The "Remote Address" field value is the Zyxel ZyWALL VPN router public IP address or DNS address.
By clicking in "Advanced" button, you can setup "Phase 1 Ids" and "Aggressive Mode".

The remote Gateway
IP address is either
an explicit IP address,

abcdefgh

Phase 1 configuration

3.2 VPN Client Phase 2 (IPSec) Configuration

In this window, you define IPSec VPN Policy. "VPN Client address" is the virtual IP address of the client inside
the LAN. With Zyxel VPN gateways, this address must not belong to the remote LAN.
Take as example the choice of 192.168.1.100 for virtual IP address. When the VPN client is sending a TCP or an
UDP packet to a target remote computer 192.168.0.x, this target will send inside its subnet an ARP request in
order to get VPN client MAC address and reply directly to it. But, this request cannot receive any answer because
the client is not physically present inside the subnet. So, initial packets from the client will not be answered.

IPSec VPN Router Configuration

7/12