ZyXEL Communications Wireless N Gigabit Router User Manual
Chapter 15 IPSec VPN
NBG-460N User’s Guide
Note: Both routers must use the same negotiation mode.
These modes are discussed in more detail in
. Main
mode is used in various examples in the rest of this section.
IP Addresses of the NBG-460N and Remote IPSec Router
In the NBG-460N, you have to specify the IP addresses of the NBG-460N and the
remote IPSec router to establish an IKE SA.
You can usually provide a static IP address or a domain name for the NBG-460N.
Sometimes, your NBG-460N might also offer another alternative, such as using
the IP address of a port or interface.
You can usually provide a static IP address or a domain name for the remote
IPSec router as well. Sometimes, you might not know the IP address of the
remote IPSec router (for example, telecommuters). In this case, you can still set
up the IKE SA, but only the remote IPSec router can initiate an IKE SA.
15.3.2 IPSec SA (IKE Phase 2) Overview
Once the NBG-460N and remote IPSec router have established the IKE SA, they
can securely negotiate an IPSec SA through which to send data between
computers on the networks.
Note: The IPSec SA stays connected even if the underlying IKE SA is not available
anymore.
Local Network and Remote Network
In an IPSec SA, the local network consists of devices connected to the NBG-460N
and may be called the local policy. Similarly, the remote network consists of the
devices connected to the remote IPSec router and may be called the remote
policy.
Note: It is not recommended to set a VPN rule’s local and remote network settings
both to 0.0.0.0 (any). This causes the NBG-460N to try to forward all access
attempts (to the local network, the Internet or even the NBG-460N) to the
remote IPSec router. In this case, you can no longer manage the NBG-460N.
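A check of the rules on both routers before they are entered, as an added example that is not part of the User's Guide: it covers the matching negotiation mode, the 0.0.0.0 (any) local and remote network settings, and which side can initiate the IKE SA. The `VpnRule` structure, the finding names and the sample rules are hypothetical, and an unknown remote router address is represented as `None`.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class VpnRule:
    """One end's VPN rule (hypothetical structure, not the router's own format)."""
    name: str
    negotiation_mode: str          # "main" or "aggressive"
    remote_gateway: Optional[str]  # peer IP address or domain name; None if unknown
    local_network: str             # local policy
    remote_network: str            # remote policy

def is_any(network: str) -> bool:
    """True for 0.0.0.0 (any), whether written bare or as 0.0.0.0/0."""
    net = ipaddress.ip_network(network, strict=False)
    return int(net.network_address) == 0 and net.prefixlen in (0, 32)

def initiators(a: VpnRule, b: VpnRule) -> List[str]:
    """An end can start the IKE SA only if it knows its peer's address."""
    return [r.name for r in (a, b) if r.remote_gateway is not None]

def check_pair(a: VpnRule, b: VpnRule) -> List[str]:
    """Return findings for a pair of rules, one from each router."""
    findings = []
    # Both routers must use the same negotiation mode.
    if a.negotiation_mode != b.negotiation_mode:
        findings.append("mode-mismatch")
    # Local and remote network both set to any: the router forwards all
    # access attempts into the tunnel and can no longer be managed.
    for rule in (a, b):
        if is_any(rule.local_network) and is_any(rule.remote_network):
            findings.append(f"any-any:{rule.name}")
    # If neither end knows the other's address, no one can initiate.
    if not initiators(a, b):
        findings.append("no-initiator")
    return findings

# Constructed sample rules: an office router that does not know the
# telecommuter's address, and a telecommuter rule with two mistakes.
HQ = VpnRule("hq", "main", None, "192.168.1.0/24", "0.0.0.0")
TELE = VpnRule("telecommuter", "aggressive", "vpn.example.com",
               "0.0.0.0", "0.0.0.0/0")

if __name__ == "__main__":
    print("findings:", check_pair(HQ, TELE))
    print("can initiate:", initiators(HQ, TELE))
```
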