ZyXEL nbg-5715 Mode D'Emploi
Chapter 18 IPSec VPN
NBG5715 User’s Guide
132
Local Content
When you select IP in the Local ID Type field, type the IP address of your
computer in the Local Content field. The NBG5715 automatically uses the IP
address in the My IP Address field (refer to the My IP Address field
description) if you configure the Local Content field to 0.0.0.0 or leave it
blank.
computer in the Local Content field. The NBG5715 automatically uses the IP
address in the My IP Address field (refer to the My IP Address field
description) if you configure the Local Content field to 0.0.0.0 or leave it
blank.
It is recommended that you type an IP address other than 0.0.0.0 in the Local
Content field or use the Domain Name or E-mail ID type in the following
situations.
Content field or use the Domain Name or E-mail ID type in the following
situations.
When there is a NAT router between the two IPSec routers.
When you want the remote IPSec router to be able to distinguish between VPN
connection requests that come in from IPSec routers with dynamic WAN IP
addresses.
connection requests that come in from IPSec routers with dynamic WAN IP
addresses.
When you select Domain Name or E-mail in the Local ID Type field, type a
domain name or e-mail address by which to identify this NBG5715 in the Local
Content field. Use up to 31 ASCII characters including spaces, although trailing
spaces are truncated. The domain name or e-mail address is for identification
purposes only and can be any string.
domain name or e-mail address by which to identify this NBG5715 in the Local
Content field. Use up to 31 ASCII characters including spaces, although trailing
spaces are truncated. The domain name or e-mail address is for identification
purposes only and can be any string.
Secure Gateway
Address
Address
Type the WAN IP address or the domain name (up to 31 characters) of the
IPSec router with which you're making the VPN connection.
IPSec router with which you're making the VPN connection.
Set this field to
0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the
IPSec Keying Mode field must be set to IKE).
IPSec Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway
Address field and the LAN’s full IP address range as the local IP
address, then you cannot configure any other active rules with the
Secure Gateway Address field set to 0.0.0.0.
Address field and the LAN’s full IP address range as the local IP
address, then you cannot configure any other active rules with the
Secure Gateway Address field set to 0.0.0.0.
You can also enter a remote secure gateway’s domain name in the
Secure Gateway Address field if the remote secure gateway has
a dynamic WAN IP address and is using DDNS. The NBG5715
has to rebuild the VPN tunnel each time the remote secure
gateway’s WAN IP address changes (there may be a delay until
the DDNS servers are updated with the remote gateway’s new
WAN IP address).
Peer ID Type
Select IP to identify the remote IPSec router by its IP address.
Select Domain Name to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.
Table 54
Security > IPSec VPN > General > Edit: IKE (continued)
LABEL
DESCRIPTION