P-661H-D Series Support Notes
IP address dynamically assigned from ISP, so P-661H-D needs additional
information to make the decision. Such additional information is what we call
phase 1 ID. In the IKE payload, there are local and peer ID field to achieve this.
14. What is FQDN?
FQDN(Fully Qualified Domain Name), IKE standard takes it as one type of
Phase 1 ID.
As we mentioned, Phase 1 ID is an identification for each VPN peer. The type
of Phase 1 ID may be IP/FQDN(DNS)/Ueser FQDN(E-mail). The content of
Phase 1 ID depends on the Phase 1 ID type. The following is an example for
how to configure phase 1 ID.
ID type Content
------------------------------------
IP 202.132.154.1
DNS www.zyxel.com
E-mail [email protected]
Please note that, on Prestige, if "DNS" or "E-mail" type is choosen, you can still
use a random string as the content, such as "this_is_Prestige". It's not
neccessary to follow the format exactly.
By default, the device takes IP as phase 1 ID type for itself and it's remote peer.
But if it's remote peer is using DNS or E-mail, you have to ajust the settings to
pass phase 1 ID checking.
15. When should I use FQDN?
If your VPN connection is Preatige to Prestige, and both of them have static IP
address, and there is no NAT router in between, you can ignore this option.
Just leave Local/Peer ID type as IP.
If either side of VPN tunneling end point is using dynamic IP address, you may
need to configure ID for the one with dynamic IP address. And in this case,
"Aggressive mode" is recommended to be applied in phase 1 negotiation.
Advanced FAQ
1. How do I configure VPN?
You can configure VPN via Web Configurator, Advanced Setup,
Security ->
VPN -> Summary.
31
All contents copyright © 2006 ZyXEL Communications Corporation.