ZyXEL Router Prestige 662HW-61 91-004-371001 Manual Do Utilizador

Prestige 662H/HW Series User’s Guide

439

Chapter 45 VPN/IPSec Setup

Nat Traversal

Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to 

enable NAT traversal. NAT traversal allows you to set up a VPN connection when 

there are NAT routers between the two IPSec routers.
The remote IPSec router must also have NAT traversal enabled. You can use NAT 

traversal with ESP protocol using Transport or Tunnel mode, but not with AH 

protocol nor with Manual key management. 
In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, 

set the NAT router to forward UDP port 500 to the IPSec router behind the NAT 

router.

Local ID type

Press [SPACE BAR] to choose IP, DNS, or E-mail and press [ENTER]. 
Select IP to identify this Prestige by its IP address. 
Select DNS to identify this Prestige by a domain name.
Select E-mail to identify this Prestige by an e-mail address.

Content

When you select IP in the Local ID Type field, type the IP address of your computer 

or leave the field blank to have the Prestige automatically use its own IP address.
When you select DNS in the Local ID Type field, type a domain name (up to 31 

characters) by which to identify this Prestige. 
When you select E-mail in the Local ID Type field, type an e-mail address (up to 31 

characters) by which to identify this Prestige. 
The domain name or e-mail address that you use in the Content field is used for 

identification purposes only and does not need to be a real domain name or e-mail 

address. 

My IP Addr

Enter the IP address of your Prestige. The Prestige uses its current WAN IP address 

(static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.  
The VPN tunnel has to be rebuilt if this IP address changes.

Peer ID type

Press [SPACE BAR] to choose IP, DNS, or E-mail and press [ENTER]. 
Select IP to identify the remote IPSec router by its IP address. 
Select DNS to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.

Content

When you select IP in the Peer ID Type field, type the IP address of the computer 

with which you will make the VPN connection or leave the field blank to have the 

Prestige automatically use the address in the Secure Gateway Address field.
When you select DNS in the Peer ID Type field, type a domain name (up to 31 

characters) by which to identify the remote IPSec router. 
When you select E-mail in the Peer ID Type field, type an e-mail address (up to 31 

characters) by which to identify the remote IPSec router. 
The domain name or e-mail address that you use in the Content field is used for 

identification purposes only and does not need to be a real domain name or e-mail 

address. The domain name also does not have to match the remote router’s IP 

address or what you configure in the Secure Gateway Address field below.

Secure 

Gateway 

Address

Type the IP address or the domain name (up to 31 characters) of the IPSec router 

with which you’re making the VPN connection. 
Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the 

Key Management field must be set to IKE, see later). 

Protocol

Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any 

protocol.

 

Menu 27.1.1 IPSec Setup (continued)