Ipsec Sa (Ike Phase 2) Overview; The General Screen - ZyXEL Communications NBG-5715 User Manual
32” class 31.5” diagonal
Hide thumbs
Also See for NBG-5715:
- User manual (252 pages) ,
- Brochure (4 pages) ,
- Quick start manual (2 pages)
Table of Contents
Advertisement
Chapter 18 IPSec VPN
You can usually provide a static IP address or a domain name for the remote IPSec router as well.
Sometimes, you might not know the IP address of the remote IPSec router (for example,
telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can
initiate an IKE SA.
18.3.2 IPSec SA (IKE Phase 2) Overview
Once the NBG5715 and remote IPSec router have established the IKE SA, they can securely
negotiate an IPSec SA through which to send data between computers on the networks.
Note: The IPSec SA stays connected even if the underlying IKE SA is not available
anymore.
Local Network and Remote Network
In an IPSec SA, the local network consists of devices connected to the NBG5715 and may be called
the local policy. Similarly, the remote network consists of the devices connected to the remote
IPSec router and may be called the remote policy.
Note: It is not recommended to set a VPN rule's local and remote network settings both
to 0.0.0.0 (any). This causes the NBG5715 to try to forward all access attempts (to
the local network, the Internet or even the NBG5715) to the remote IPSec router.
In this case, you can no longer manage the NBG5715.
18.4 The General Screen
The following figure helps explain the main fields in the web configurator.
Figure 77 IPSec Fields Summary
Local Network
Local IP Address
Local and remote IP addresses must be static.
126
Remote
IPSec Router
VPN Tunnel
Remote Network
Remote IP Address
NBG5715 User's Guide
Advertisement
Table of Contents
Troubleshooting
