ZyXEL ZyWALL ATP700 User Guide - Page 436
IKEv1, IKEv2, Interface, Domain Name / IP, Static Address, Fall back to Primary Peer Gateway when
View all ZyXEL ZyWALL ATP700 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 436 highlights
Chapter 19 IPSec VPN Each field is described in the following table. Table 166 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit LABEL DESCRIPTION Show Advanced Settings / Hide Advanced Settings Create New Object General Settings Enable VPN Gateway Name IKE Version IKEv1 / IKEv2 Gateway Settings My Address Click this button to display a greater or lesser number of configuration fields. Use to configure any new settings objects that you need to use in this screen. Select this to activate the VPN Gateway policy. Type the name used to identify this VPN gateway. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. Select IKEv1 or IKEv2. IKEv1 applies to IPv4 traffic only. IKEv2 applies to both IPv4 and IPv6 traffic. IKE (Internet Key Exchange) is a protocol used in setting up security associations that allows two parties to send data securely. See Section 19.1 on page 419 for more information on IKEv1 and IKEv2. Select how the IP address of the Zyxel Device in the IKE SA is defined. If you select Interface, select the Ethernet interface, VLAN interface, virtual Ethernet interface, virtual VLAN interface or PPPoE/PPTP interface. The IP address of the Zyxel Device in the IKE SA is the IP address of the interface. Peer Gateway Address If you select Domain Name / IP, enter the domain name or the IP address of the Zyxel Device. The IP address of the Zyxel Device in the IKE SA is the specified IP address or the IP address corresponding to the domain name. 0.0.0.0 is not generally recommended as it has the Zyxel Device accept IPSec requests destined for any interface address on the Zyxel Device. Select how the IP address of the remote IPSec router in the IKE SA is defined. Select Static Address to enter the domain name or the IP address of the remote IPSec router. You can provide a second IP address or domain name for the Zyxel Device to try if it cannot establish an IKE SA with the first one. Authentication Fall back to Primary Peer Gateway when possible: When you select this, if the connection to the primary address goes down and the Zyxel Device changes to using the secondary connection, the Zyxel Device will reconnect to the primary address when it becomes available again and stop using the secondary connection. Users will lose their VPN connection briefly while the Zyxel Device changes back to the primary connection. To use this, the peer device at the secondary address cannot be set to use a nailed-up VPN connection. In the Fallback Check Interval field, set how often to check if the primary address is available. Select Dynamic Address if the remote IPSec router has a dynamic IP address (and does not use DDNS). Note: The Zyxel Device and remote IPSec router must use the same authentication method to establish the IKE SA. ZyWALL ATP Series User's Guide 436