ZyXEL P-661H-D1 User Guide - Page 218
What You Need to Know About IPSec VPN, My IP Address, Secure Gateway Address
View all ZyXEL P-661H-D1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 218 highlights
Chapter 16 VPN 16.1.2 What You Need to Know About IPSec VPN A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the ZyXEL Device and the remote IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between the ZyXEL Device and remote IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the ZyXEL Device and remote IPSec router can send data between computers on the local network and remote network. The following figure illustrates this. Figure 95 VPN: IKE SA and IPSec SA A B IPSec SA X IKE SA Y In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks. Between routers X and Y, the data is protected by tunneling, encryption, authentication, and other security features of the IPSec SA. The IPSec SA is established securely using the IKE SA that routers X and Y established first. My IP Address My IP Address is the WAN IP address of the ZyXEL Device. The ZyXEL Device has to rebuild the VPN tunnel if My IP Address changes after setup. The following applies if this field is configured as 0.0.0.0: • The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel. Secure Gateway Address Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway). 218 P-661HNU-Fx User's Guide