ZyXEL Communications EMG5324-D10A Manual Do Utilizador

Chapter 17 VPN

EMG5324-D10A User’s Guide

the Device and remote IPSec router can send data between computers on the local network and 
remote network. The following figure illustrates this.

VPN: IKE SA and IPSec SA 

In this example, a computer in network A is exchanging data with a computer in network B. Inside 
networks A and B, the data is transmitted the same way data is normally transmitted in the 
networks. Between routers X and Y, the data is protected by tunneling, encryption, authentication, 
and other security features of the IPSec SA. The IPSec SA is established securely using the IKE SA 
that routers X and Y established first.

My IP Address is the WAN IP address of the Device. The Device has to rebuild the VPN tunnel if 
My IP Address changes after setup.

The following applies if this field is configured as 0.0.0.0:

• The Device uses the current Device WAN IP address (static or dynamic) to set up the VPN tunnel. 

Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router 
(secure gateway).

If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway 
Address field. You may alternatively enter the remote secure gateway’s domain name (if it has 
one) in the Secure Gateway Address field. 

You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field 
if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The Device has to 
rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may 
be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP address). 

If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 
as the secure gateway’s address. In this case only the remote secure gateway can initiate SAs. This 
may be useful for telecommuters initiating a VPN tunnel to the company network (see 

 for configuration examples).