![background image](/i/zyxel/144895/zyxel-zywall-2-ee/h/zyxel-zywall-2-ee-225.png)
ZyWALL 2 Series User’s Guide
VPN Screens
14-19
Table 14-7 Basic IKE VPN Rule Edit
LABEL
DESCRIPTION
Content The
configuration
of the peer content depends on the peer ID type.
Do the following when you set
Authentication Method
to
Pre-shared Key
.
For
IP
, type the IP address of the computer with which you will make the VPN
connection. If you configure this field to
0.0.0.0
or leave it blank, the ZyWALL will
use the address in the
Secure Gateway Address
field (refer to the
Secure
Gateway Address
field description).
For
DNS
or
, type a domain name or e-mail address by which to identify
the remote IPSec router. Use up to 31 ASCII characters including spaces,
although trailing spaces are truncated. The domain name or e-mail address is for
identification purposes only and can be any string.
It is recommended that you type an IP address other than
0.0.0.0
or use the
DNS
or
E-
ID type in the following situations:
When there is a NAT router between the two IPSec routers.
When you want the ZyWALL to distinguish between VPN connection requests
that come in from remote IPSec routers with dynamic WAN IP addresses.
Do the following when you set
Authentication Method
to
Certificate
.
For
IP
, type the IP address from the subject alternative name field of the
certificate the remote IPSec router will use for this VPN connection. If you
configure this field to
0.0.0.0
or leave it blank, the ZyWALL will use the address in
the
Secure Gateway Address
field (refer to the
Secure Gateway Address
field
description).
For
DNS
or
, type the domain name or e-mail address from the subject
alternative name field of the certificate the remote IPSec router will use for this
VPN connection.
For
Subject Name
, type the subject name of the certificate the remote IPSec
router will use for this VPN connection.
For
Any
, the peer
Content
field is not available.
Regardless of how you configure the
ID Type
and
Content
fields, two active SAs cannot
have both the local and remote IP address ranges overlap between rules.