Wireless Firewall Router User's Guide

ManualsBrandsZyXEL Communications ManualsNetwork RouterP-335WT

181

182

183

184

185

186

187

188

189

190

P-335 Series User’s Guide

Chapter 13 VPN Screens 180

Remote Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535.

Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80,

HTTP; 25, SMTP; 110, POP3

Remote Port End Enter a port number in this field to define a port range. This port number must

be greater than that specified in the previous field (or equal to it for configuring

an individual port).

My IP Address Enter the WAN IP address of your Prestige. The Prestige uses its current WAN

IP address (static or dynamic) in setting up the VPN tunnel if you leave this

field as 0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes.

Local ID Type Select IP to identify this Prestige by its IP address.

Select DNS to identify this Prestige by a domain name.

Select E-mail to identify this Prestige by an e-mail address.

Local Content When you select IP in the Local ID Type field, type the IP address of your

computer in the local Content field. The Prestige automatically uses the IP

address in the My IP Address field (refer to the My IP Address field

description) if you configure the local Content field to 0.0.0.0 or leave it blank.

It is recommended that you type an IP address other than 0.0.0.0 in the local

Content field or use the DNS or E-mail ID type in the following situations.

• When there is a NAT router between the two IPSec routers.

• When you want the remote IPSec router to be able to distinguish between

VPN connection requests that come in from IPSec routers with dynamic

WAN IP addresses.

When you select DNS or E-mail in the Local ID Type field, type a domain

name or e-mail address by which to identify this Prestige in the local Content

field. Use up to 31 ASCII characters including spaces, although trailing spaces

are truncated. The domain name or e-mail address is for identification

purposes only and can be any string.

Secure Gateway

Address

Type the WAN IP address or the URL (up to 31 characters) of the remote

secure gateway with which you're making the VPN connection. Set this field to

0.0.0.0 if the remote secure gateway has a dynamic WAN IP address (the

IPSec Keying Mode field must be set to IKE).

Peer ID Type Select IP to identify the remote IPSec router by its IP address.

Select DNS to identify the remote IPSec router by a domain name.

Select E-mail to identify the remote IPSec router by an e-mail address.

Peer Content The configuration of the peer content depends on the peer ID type.

•For IP, type the IP address of the computer with which you will make the

VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the

Prestige will use the address in the Secure Gateway Address field (refer

to the Secure Gateway Address field description).

•For DNS or E-mail, type a domain name or e-mail address by which to

identify the remote IPSec router. Use up to 31 ASCII characters including

spaces, although trailing spaces are truncated. The domain name or e-mail

address is for identification purposes only and can be any string.

It is recommended that you type an IP address other than 0.0.0.0 or use the

DNS or E-mail ID type in the following situations:

• When there is a NAT router between the two IPSec routers.

When you want the Prestige to distinguish between VPN connection requests

that come in from remote IPSec routers with dynamic WAN IP addresses.

IKE Phase 1 A phase 1 exchange establishes an IKE SA (Security ).

Negotiation Mode Select Main or Aggressive from the drop-down list box. The Prestige's

negotiation mode should be identical to that on the remote secure gateway.

Table 73 Advanced Rule Setup (continued)

LABEL DESCRIPTION