Manualsbrain.com
  1. Manuais
  2. Marcas
  3. ZyXEL
  4. 35
  5. Guia Do Utilizador

ZyXEL 35 Guia Do Utilizador

Download
Página de 335
 
 
ZyWALL 35 Support Notes 
 
 
All contents copyright (c) 2006 ZyXEL Communications Corporation.   
323
K18. I am planning my ZyWALL-to-ZyWALL VPN configuration. What do I need to know? 
 
First of all, both ZyWALL must have VPN capabilities. Please check the firmware version, V3.50 or later 
has the VPN capability. If your ZyWALL is capable of VPN, you can find the VPN options in 
Advanced>VPN tab.   
 
For configuring a 'box-to-box VPN', there are some tips:   
If there is a NAT router running in the front of ZyWALL, please make sure the NAT router supports to 
pass through IPSec.   
In NAT case (either run on the frond end router, or in ZyWALL VPN box), only IPSec ESP tunneling 
mode is supported since NAT against AH mode.   
 
Source IP/Destination IP-- Please do not number the LANs (local and remote) using the same exact 
range of private IP addresses. This will make VPN destination addresses and the local LAN addresses are 
indistinguishable, and VPN will not work.   
 
Secure Gateway IP Address -- This must be a public, routable IP address, private IP is not allowed. That 
means it can not be in the 10.x.x.x subnet, the 192.168.x.x subnet, nor in the range 172.16.0.0 - 
172.31.255.255 (these address ranges are reserved by internet standard for private LAN numberings 
behind NAT devices). It is usually a static IP so that we can pre-configure it in ZyWALL for making VPN 
connections. If it is a dynamic IP given by ISP, you still can configure this IP address after the remote 
ZyWALL is on-line and its WAN IP is available from ISP.   
 
 
K19. Does ZyWALL support dynamic secure gateway IP? 
If the remote VPN gateways uses dynamic IP, we enter 0.0.0.0 as the Secure Gateway IP Address in 
ZyWALL. In this case, the VPN connection can only be initiated from dynamic side to fixed side in order 
to update its dynamic IP to the fixed side. However, if both gateways use dynamic IP addresses, it is no 
way to establish VPN connection at all.   
 
 
K20. What VPN gateway that has been tested with ZyWALL successfully? 
We have tested ZyWALL successfully with the following third party VPN gateways.   
Cisco 1720 Router, IOS 12.2(2)XH, IP/ADSL/FW/IDS PLUS IPSEC 3DES   
NetScreen 5, ScreenOS 2.6.0r6   
SonicWALL SOHO 2   
WatchGuard Firebox II   
ZyXEL ZyWALL 100