ZyXEL nbg-5715 用户指南
Chapter 18 IPSec VPN
NBG5715 User’s Guide
138
My IP Address
Enter the NBG5715's static WAN IP address (if it has one) or leave the field set to
0.0.0.0.
0.0.0.0.
The NBG5715 uses its current WAN IP address (static or dynamic) in setting up
the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes
down, the NBG5715 uses the dial backup IP address for the VPN tunnel when
using dial backup or the LAN IP address when using traffic redirect.
the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes
down, the NBG5715 uses the dial backup IP address for the VPN tunnel when
using dial backup or the LAN IP address when using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you have
configured (in the DDNS screen) to have the NBG5715 use that dynamic domain
name's IP address.
configured (in the DDNS screen) to have the NBG5715 use that dynamic domain
name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Secure Gateway
Address
Address
Type the WAN IP address or the domain name (up to 31 characters) of the IPSec
router with which you're making the VPN connection.
router with which you're making the VPN connection.
Set this field to 0.0.0.0
if the remote IPSec router has a dynamic WAN IP address (the IPSec
Keying Mode field must be set to IKE).
Keying Mode field must be set to IKE).
In order to have more than one active rule with the Secure Gateway
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway
Address field and the LAN’s full IP address range as the local IP
address, then you cannot configure any other active rules with the
Secure Gateway Address field set to 0.0.0.0.
Address field and the LAN’s full IP address range as the local IP
address, then you cannot configure any other active rules with the
Secure Gateway Address field set to 0.0.0.0.
You can also enter a remote secure gateway’s domain name in the
Secure Gateway Address field if the remote secure gateway has
a dynamic WAN IP address and is using DDNS. The NBG5715 has
to rebuild the VPN tunnel each time the remote secure gateway’s
WAN IP address changes (there may be a delay until the DDNS
servers are updated with the remote gateway’s new WAN IP
address).
IPSec Algorithm
SPI
Type a unique SPI (Security Parameter Index) from one to four characters long.
Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".
Encryption
Algorithm
Algorithm
Select which key size and encryption algorithm to use in the IKE SA. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG5715 and the remote IPSec router must use the same algorithms and
keys. Longer keys require more processing power, resulting in increased latency
and decreased throughput.
keys. Longer keys require more processing power, resulting in increased latency
and decreased throughput.
Encryption Key
This field is applicable when you select ESP in the IPSec Protocol field above.
With DES, type a unique key 8 characters long. With 3DES, type a unique key
24 characters long. Any characters may be used, including spaces, but trailing
spaces are truncated.
24 characters long. Any characters may be used, including spaces, but trailing
spaces are truncated.
Authentication
Algorithm
Algorithm
Select which hash algorithm to use to authenticate packet data in the IPSec SA.
Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5,
but it is also slower.
Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5,
but it is also slower.
Authentication
Key
Key
Type a unique authentication key to be used by IPSec if applicable. Enter 16
characters for MD5 authentication or 20 characters for SHA-1 authentication.
Any characters may be used, including spaces, but trailing spaces are truncated.
characters for MD5 authentication or 20 characters for SHA-1 authentication.
Any characters may be used, including spaces, but trailing spaces are truncated.
Encapsulation
Mode
Mode
Select Tunnel mode or Transport mode from the drop-down list box.
Table 55
Security > IPSec VPN > General > Edit: Manual
(continued)
LABEL
DESCRIPTION