ZyXEL ZyWALL ATP700 User Guide - Page 429
IPSec VPN, ZyWALL ATP Series User's Guide, Table 164, Configuration > VPN > IPSec
View all ZyXEL ZyWALL ATP700 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 429 highlights
Chapter 19 IPSec VPN Table 164 Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (continued) LABEL DESCRIPTION Application Scenario Select the scenario that best describes your intended VPN connection. Site-to-site - Choose this if the remote IPSec router has a static IP address or a domain name. This Zyxel Device can initiate the VPN tunnel. Site-to-site with Dynamic Peer - Choose this if the remote IPSec router has a dynamic IP address. Only the remote IPSec router can initiate the VPN tunnel. Remote Access (Server Role) - Choose this to allow incoming connections from IPSec VPN clients. The clients have dynamic IP addresses and are also known as dial-in users. Only the clients can initiate the VPN tunnel. Remote Access (Client Role) - Choose this to connect to an IPSec server. This Zyxel Device is the client (dial-in user) and can initiate the VPN tunnel. VPN Gateway Policy Local Policy Remote Policy Enable GRE over IPSec Policy Enforcement VPN Tunnel Interface - Choose this to set up a VPN tunnel interface to bind with a VPN connection. The Zyxel Device can use the interface to do load balancing using a specific Trunk. The remote IPSec router should have a static IP address or a domain name. See Configuration > Network > Interface > VTI. Select the VPN gateway this VPN connection is to use or select Create Object to add another VPN gateway for this VPN connection to use. Select the address corresponding to the local network. Use Create new Object if you need to configure a new one. Select the address corresponding to the remote network. Use Create new Object if you need to configure a new one. Select this to allow traffic using the Generic Routing Encapsulation (GRE) tunneling protocol through an IPSec tunnel. Clear this to allow traffic with source and destination IP addresses that do not match the local and remote policy to use the VPN tunnel. Leave this cleared for free access between the local and remote networks. Mode Config Enable Mode Config IP Address Pool First DNS Server (Optional) Second DNS Server (Optional) First WINS Server (Optional) Second WINS Server (Optional) Configuration Payload Enable Configuration Payload IP Address Pool: Selecting this restricts who can use the VPN tunnel. The Zyxel Device drops traffic with source and destination IP addresses that do not match the local and remote policy. This is visible when you select Remote Access (Server Role) and a VPN Gateway. Select this to have the IPSec VPN client receive an IP address, DNS and WINS information from the Zyxel Device. Select an address object from the drop-down list box. The Domain Name System (DNS) maps a domain name to an IP address and vice versa. The Zyxel Device uses these (in the order you specify here) to resolve domain names for VPN. Enter a DNS server's IP address. Enter a secondary DNS server's IP address that is checked if the first one is unavailable. Type the IP address of the WINS (Windows Internet Naming Service) server that you want to send to the DHCP clients. The WINS server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using. Enter a secondary WINS server's IP address that is checked if the first one is unavailable. This is only available when you have created an IKEv2 Gateway and are using Remote Access (Server Role). Select this to have at least have the IP address pool included in the VPN setup data. Select an address object from the drop-down list box. ZyWALL ATP Series User's Guide 429