User's Manual

ManualsBrandsZyXEL ManualsNetwork RouterZyXEL ZyXEL Communications Network Router wireless n gigbit router zyxel

211

212

213

214

215

216

217

218

219

220

Chapter 15 IPSec VPN

NBG-460N User’s Guide

215

IPSec Keying

Mode

Select IKE or Manual from the drop-down list box. IKE provides more

protection so it is generally recommended. Manual is a useful option

for troubleshooting if you have problems using IKE key management.

Protocol

Number

Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and

signifies any protocol.

DNS Server

(for IPSec VPN)

If there is a private DNS server that services the VPN, type its IP

address here. The NBG-460N assigns this additional DNS server to the

NBG-460N's DHCP clients that have IP addresses in this IPSec rule's

range of local addresses.

A DNS server allows clients on the VPN to find other computers and

servers on the VPN by their (private) domain names.

Local Policy Local IP addresses must be static and correspond to the remote IPSec

router's configured remote IP addresses.

Two active SAs can have the same configured local or remote IP

address, but not both. You can configure multiple SAs between the

same local and remote IP addresses, as long as only one is active at any

time.

In order to have more than one active rule with the Secure Gateway

Address field set to 0.0.0.0, the ranges of the local IP addresses

cannot overlap between rules.

If you configure an active rule with 0.0.0.0 in the Secure Gateway

Address field and the LAN’s full IP address range as the local IP

address, then you cannot configure any other active rules with the

Secure Gateway Address field set to 0.0.0.0.

Local Address For a single IP address, enter a (static) IP address on the LAN behind

your NBG-460N.

For a specific range of IP addresses, enter the beginning (static) IP

address, in a range of computers on your LAN behind your NBG-460N.

To specify IP addresses on a network by their subnet mask, enter a

(static) IP address on the LAN behind your NBG-460N.

Local Address

End /Mask

When the local IP address is a single address, type it a second time

here.

When the local IP address is a range, enter the end (static) IP address,

in a range of computers on the LAN behind your NBG-460N.

When the local IP address is a subnet address, enter a subnet mask on

the LAN behind your NBG-460N.

Local Port Start 0 is the default and signifies any port. Type a port number from 0 to

65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23,

Telnet; 80, HTTP; 25, SMTP; 110, POP3.

Local Port End Enter a port number in this field to define a port range. This port

number must be greater than that specified in the previous field. If

Local Port Start is left at 0, Local Port End will also remain at 0.

Table 70 Security > VPN > General > Rule Setup: Manual (continued)

LABEL DESCRIPTION