Chapter 21 IPSec VPN
USG20(W)-VPN Series User’s Guide
349
Each field is described in the following table.
Table 137
Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit
LABEL
DESCRIPTION
Show Advanced
Settings / Hide
Advanced Settings
Click this button to display a greater or lesser number of configuration fields.
Create New Object
Use to configure any new settings objects that you need to use in this screen.
General Settings
Enable
Select this to activate the VPN Gateway policy.
VPN Gateway
Name
Type the name used to identify this VPN gateway. You may use 1-31 alphanumeric
characters, underscores(
_
), or dashes (-), but the first character cannot be a number.
This value is case-sensitive.
IKE Version
IKEv1 / IKEv2
Select
IKEv1
or
IKEv2
.
IKEv1
applies to IPv4 traffic only. IKEv2 applies to both IPv4
and IPv6 traffic. IKE (Internet Key Exchange) is a protocol used in setting up security
associations that allows two parties to send data securely. See
for more information on IKEv1 and IKEv2.
Gateway Settings
My Address
Select how the IP address of the USG in the IKE SA is defined.
If you select
Interface
, select the Ethernet interface, VLAN interface, virtual Ethernet
interface, virtual VLAN interface or PPPoE/PPTP interface. The IP address of the USG in
the IKE SA is the IP address of the interface.
If you select
Domain Name / IP
, enter the domain name or the IP address of the
USG. The IP address of the USG in the IKE SA is the specified IP address or the IP
address corresponding to the domain name. 0.0.0.0 is not generally recommended as it
has the USG accept IPSec requests destined for any interface address on the USG.
Peer Gateway
Address
Select how the IP address of the remote IPSec router in the IKE SA is defined.
Select
Static Address
to enter the domain name or the IP address of the remote IPSec
router. You can provide a second IP address or domain name for the USG to try if it
cannot establish an IKE SA with the first one.
Fall back to Primary Peer Gateway when possible
: When you select this, if the
connection to the primary address goes down and the USG changes to using the
secondary connection, the USG will reconnect to the primary address when it
becomes available again and stop using the secondary connection. Users will lose
their VPN connection briefly while the USG changes back to the primary connection.
To use this, the peer device at the secondary address cannot be set to use a nailed-
up VPN connection. In the
Fallback Check Interval
field, set how often to check if
the primary address is available.
Select
Dynamic Address
if the remote IPSec router has a dynamic IP address (and
does not use DDNS).
Authentication
Note: The USG and remote IPSec router must use the same authentication method to
establish the IKE SA.
Summary of Contents for ZyWall USG20-VPN
Page 17: ...17 PART I User s Guide ...
Page 18: ...18 ...
Page 99: ...99 PART II Technical Reference ...
Page 100: ...100 ...