For a dynamic IP rule on the ZyWALL, don't attempt to use IP ID - use DNS or email instead (which are just text strings). I have no experience of this client, but this same ID mismatch issue prevents the use of the MS client in Windows XP.
If using certificates, it's best to use the Subject Name / Distinguished Name information from the certificates.
There's more detail on this, including setup details for the ZyXEL / Safenet client, in »
ZyWALL 3.64 firmware / ZyWALL VPN client setupDavid