ZyXEL Vantage CNM User Guide - Page 141
Device Operation > Device Configuration > Security > VPN > VPN Rules
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 141 highlights
Chapter 6 Device Security Settings The following table describes the labels in this screen. Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Property NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. Note: The remote IPSec router must also have NAT traversal enabled. You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but not with AH protocol nor with manual key management. In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router. Name Type up to 32 characters to identify this VPN gateway policy. You may use any character, including spaces, but the device drops trailing spaces. Gateway Policy Information My ZyWALL Address Type This field specifies how the IP address of the device is specified. IP Address: The device's IP address is a static IP address. Domain Name: The device's IP address is the IP address mapped to a specified domain name. DDNS Domain Name: The device's IP address is the IP address mapped to a specified DDNS domain name. My ZyWALL IP Address The VPN tunnel has to be rebuilt if the device's IP address changes after setup. This field is enabled if My ZyWALL Address Type is IP Address. Enter the device's static WAN IP address or leave the field set to 0.0.0.0. The following applies if this field is configured as 0.0.0.0: • When the WAN port operation mode is set to Active/Passive, the device uses the IP address (static or dynamic) of the WAN port that is in use. • When the WAN port operation mode is set to Active/Active, the device uses the IP address (static or dynamic) of the primary (highest priority) WAN port to set up the VPN tunnel as long as the corresponding WAN1 or WAN2 connection is up. If the corresponding WAN1 or WAN2 connection goes down, the device uses the IP address of the other WAN port. • If both WAN connections go down, the device uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect. My ZyWALL Domain Name This field is enabled if My ZyWALL Address Type is IP Address. Enter the domain name associated with the device in the VPN tunnel. Vantage CNM User's Guide 141