ZyXEL nbg-5715 Guia Do Utilizador
Chapter 18 IPSec VPN
NBG5715 User’s Guide
126
You can usually provide a static IP address or a domain name for the remote IPSec router as well.
Sometimes, you might not know the IP address of the remote IPSec router (for example,
telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can
initiate an IKE SA.
Sometimes, you might not know the IP address of the remote IPSec router (for example,
telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can
initiate an IKE SA.
18.3.2 IPSec SA (IKE Phase 2) Overview
Once the NBG5715 and remote IPSec router have established the IKE SA, they can securely
negotiate an IPSec SA through which to send data between computers on the networks.
negotiate an IPSec SA through which to send data between computers on the networks.
Note: The IPSec SA stays connected even if the underlying IKE SA is not available
anymore.
Local Network and Remote Network
In an IPSec SA, the local network consists of devices connected to the NBG5715 and may be called
the local policy. Similarly, the remote network consists of the devices connected to the remote
IPSec router and may be called the remote policy.
the local policy. Similarly, the remote network consists of the devices connected to the remote
IPSec router and may be called the remote policy.
Note: It is not recommended to set a VPN rule’s local and remote network settings both
to 0.0.0.0 (any). This causes the NBG5715 to try to forward all access attempts (to
the local network, the Internet or even the NBG5715) to the remote IPSec router.
In this case, you can no longer manage the NBG5715.
18.4 The General Screen
The following figure helps explain the main fields in the web configurator.
Figure 77
IPSec Fields Summary
Local and remote IP addresses must be static.
Local Network
Local IP Address
Remote Network
Remote IP Address
Remote
IPSec Router
IPSec Router
VPN Tunnel