ZyXEL P-660HNU-F1 User Guide - Page 204
My IP Address, Secure Gateway Address, IPSec SA, IKE SA
View all ZyXEL P-660HNU-F1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 204 highlights
Chapter 16 VPN Figure 104 VPN: IKE SA and IPSec SA A B IPSec SA X IKE SA Y In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks. Between routers X and Y, the data is protected by tunneling, encryption, authentication, and other security features of the IPSec SA. The IPSec SA is established securely using the IKE SA that routers X and Y established first. My IP Address My IP Address is the WAN IP address of the ZyXEL Device. The ZyXEL Device has to rebuild the VPN tunnel if My IP Address changes after setup. The following applies if this field is configured as 0.0.0.0: • The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel. Secure Gateway Address Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway). If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Address field. You may alternatively enter the remote secure gateway's domain name (if it has one) in the Secure Gateway Address field. You can also enter a remote secure gateway's domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway's WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as the secure gateway's address. In this case only the remote secure gateway can initiate SAs. This may be useful for telecommuters initiating a VPN tunnel to the company network (see Section 16.6.11 on page 219 for configuration examples). The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE key management and not Manual key management. 204 ADSL Series User's Guide