ZyXEL NBG-460N User Guide - Page 204
Table 67
View all ZyXEL NBG-460N manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 204 highlights
Chapter 15 IPSec VPN Table 67 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION Remote Address For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. Remote Address End / Mask To specify IP addresses on a network by their subnet mask, enter a (static) IP address on the network behind the remote IPSec router. When the remote IP address is a single address, type it a second time here. When the remote IP address is a range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. Remote Port Start Remote Port End My IP Address When the remote IP address is a subnet address, enter a subnet mask on the network behind the remote IPSec router. 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Port Start is left at 0, Remote Port End will also remain at 0. Enter the NBG-460N's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The NBG-460N uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the NBG-460N uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. Otherwise, you can enter one of the dynamic domain names that you have configured (in the DDNS screen) to have the NBG-460N use that dynamic domain name's IP address. Secure Gateway Address SPI Encapsulation Mode Enable Replay Detection The VPN tunnel has to be rebuilt if My IP Address changes after setup. Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Type a unique SPI (Security Parameter Index) from one to four characters long. Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9". Select Tunnel mode or Transport mode from the drop-down list box. As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Select Yes from the drop-down menu to enable replay detection, or select No to disable it. 204 NBG-460N User's Guide