ZyXEL VMG8324 User Guide - Page 225
VPN, VMG8324-B10A / VMG8324-B30A Series User's Guide
View all ZyXEL VMG8324 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 225 highlights
Chapter 20 VPN Table 104 Security > IPSec VPN: Add/Edit LABEL Local ID Content DESCRIPTION When you select IP in the Local ID Type field, type the IP address of your computer in this field. If you configure this field to 0.0.0.0 or leave it blank, the Device automatically uses the Pre-Shared Key (refer to the Pre-Shared Key field description). It is recommended that you type an IP address other than 0.0.0.0 in this field or use the DNS or E-mail type in the following situations. Remote ID Type • When there is a NAT router between the two IPSec routers. • When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses. When you select DNS or E-mail in the Local ID Type field, type a domain name or email address by which to identify this Device in this field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. Select IP to identify the remote IPSec router by its IP address. Select E-mail to identify the remote IPSec router by an e-mail address. Select DNS to identify the remote IPSec router by a domain name. Remote ID Content Select ASN1DN to identify the remote IPSec router by the subject field in a certificate. This is used only with certificate-based authentication. The configuration of the remote content depends on the remote ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the Device will use the address in the Remote IPSec Gateway Address field (refer to the Remote IPSec Gateway Address field description). For DNS or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. It is recommended that you type an IP address other than 0.0.0.0 or use the DNS or Email ID type in the following situations: Advanced IKE Settings NAT_Traversal Phase 1 Mode • When there is a NAT router between the two IPSec routers. • When you want the Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. Click more to display advanced settings. Click less to display basic settings only. Select Enable if you want to set up a VPN tunnel when there are NAT routers between the Device and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Otherwise, select Disable. Select the negotiation mode to use to negotiate the IKE SA. Choices are: Main - this encrypts the Device's and remote IPSec router's identities but takes more time to establish the IKE SA. Aggressive - this is faster but does not encrypt the identities. The Device and the remote IPSec router must use the same negotiation mode. VMG8324-B10A / VMG8324-B30A Series User's Guide 225