P-661H-D Series Support Notes
disconnected either manually, by idle timer, or because of power cycle, packet
triggering is still necessary to make the tunnel up.
14. Single, Range, Subnet, which types of IP address do P-661H-D
support in VPN/IPSec?
P-661H-D supports all of the types. In other words, you can specify a single
PC, a range of PCs or even a network of PCs to utilize the VPN/IPSec service.
15. Can P-661H-D support VPN passthrough?
Yes, P-661H-D can support VPN (IPSec, PPTP) passthrough. P-661H-D
series don't only support IPSec/VPN gateway, it can also be a NAT router
supporting VPN (IPSec, PPTP) passthrough.
If the VPN connection is initiated from the security gateway behind P-661H-D,
no configuration is necessary for NAT/ Firewall.
If the VPN connection is initiated from the security gateway outside of
P-661H-D, NAT port forwarding and Firewall forwarding are necessary.
To configure NAT port forwarding, please go to Web Configurator,
Network ->
NAT -> Port Forwarding,
put the secure gateway's IP address in default
server.
To configure Firewall forwarding, please go to Web Configurator,
Security ->
Firewall -> Rules
, select Packet Direction
WAN to LAN
, and create a firewall
rule that forwards IKE(UDP:500).
16. Can P-661H-D behave as a NAT router supporting IPSec passthrough
and an IPSec gateway simultaneously?
No, P-661H-D can't support them simultaneously. You need to choose either
one. If P-661H-D is to support IPSec passthrough, you have to disable the
VPN function on P-661H-D. To disable it, you can either deactivate each VPN
rule or issue a CI command, "
ipsec switch off
" from
CLI
.
36
All contents copyright © 2006 ZyXEL Communications Corporation.