![background image](/i/zyxel/144895/zyxel-zywall-2-ee/h/zyxel-zywall-2-ee-226.png)
ZyWALL 2 Series User’s Guide
14-20
VPN Screens
Table 14-7 Basic IKE VPN Rule Edit
LABEL
DESCRIPTION
My IP Address
Enter the WAN IP address of your ZyWALL. The VPN tunnel has to be rebuilt if this IP
address changes.
The following applies if this field is configured as
0.0.0.0
:
The ZyWALL uses the current ZyWALL WAN IP address (static or dynamic) to set up
the VPN tunnel.
If the WAN connection goes down, the ZyWALL uses the dial backup IP address for
the VPN tunnel when using dial backup or the LAN IP address when using traffic
redirect. See the chapter on WAN for details on dial backup and traffic redirect.
Secure Gateway
Address
Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which
you're making the VPN connection. Set this field to
0.0.0.0
if the remote IPSec router has
a dynamic WAN IP address (the
Key Management
(or
IPSec Keying Mode
) field must be
set to
IKE
).
In order to have more than one active rule with the
Secure Gateway Address
field set to
0.0.0.0
, the ranges of the local IP addresses cannot overlap between rules.
If you configure an active rule with
0.0.0.0
in the
Secure Gateway Address
field and the
LAN’s full IP address range as the local IP address, then you cannot configure any other
active rules with the
Secure Gateway Address
field set to
0.0.0.0
.
Encapsulation
Mode
Select
Tunnel
mode or
Transport
mode from the drop-down list box.
ESP
Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol
(RFC 2406) provides encryption as well as some of the services offered by AH. If you
select ESP here, you must select options from the
Encryption Algorithm
and
Authentication Algorithm
fields (described below).