ZyXEL Communications wireless n gigabit router zyxel User Manual

 Chapter 15 IPSec VPN
NBG-460N User’s Guide
Note: Both routers must use the same negotiation mode.
These modes are discussed in more detail in 
. Main 
mode is used in various examples in the rest of this section.
IP Addresses of the NBG-460N and Remote IPSec Router
In the NBG-460N, you have to specify the IP addresses of the NBG-460N and the 
remote IPSec router to establish an IKE SA.
You can usually provide a static IP address or a domain name for the NBG-460N. 
Sometimes, your NBG-460N might also offer another alternative, such as using 
the IP address of a port or interface.
You can usually provide a static IP address or a domain name for the remote 
IPSec router as well. Sometimes, you might not know the IP address of the 
remote IPSec router (for example, telecommuters). In this case, you can still set 
up the IKE SA, but only the remote IPSec router can initiate an IKE SA.
15.3.2  IPSec SA (IKE Phase 2) Overview   
Once the NBG-460N and remote IPSec router have established the IKE SA, they 
can securely negotiate an IPSec SA through which to send data between 
computers on the networks.
Note: The IPSec SA stays connected even if the underlying IKE SA is not available 
anymore.
Local Network and Remote Network
In an IPSec SA, the local network consists of devices connected to the NBG-460N 
and may be called the local policy. Similarly, the remote network consists of the 
devices connected to the remote IPSec router and may be called the remote 
policy.
Note: It is not recommended to set a VPN rule’s local and remote network settings 
both to 0.0.0.0 (any). This causes the NBG-460N to try to forward all access 
attempts (to the local network, the Internet or even the NBG-460N) to the 
remote IPSec router. In this case, you can no longer manage the NBG-460N.