Chapter 20 IPSec VPN
Each field is described in the following table.
Table 116 VPN > IPSec VPN > VPN Connection > Edit
LABEL | DESCRIPTION |
General Settings | Click Advanced to display more settings. Click Basic to display fewer settings. |
Connection Name | Type the name used to identify this IPSec SA. You may use |
| characters, underscores (_), or dashes |
| number. This value is |
| Select this if you want the ZyWALL to automatically renegotiate the IPSec SA when the SA life time expires. |
Enable Replay Detection | Select this check box to detect and reject old or duplicate packets to protect against |
Enable NetBIOS Broadcast over IPSec | Select this check box if you want the ZyWALL to send NetBIOS (Network Basic Input/Output System) packets through the IPSec SA. NetBIOS packets are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. It may sometimes be necessary to allow NetBIOS packets to pass through IPSec SAs in order to allow local computers to find computers on the remote network and vice versa. |
VPN Gateway | Click Advanced to display more settings. Click Basic to display fewer settings. |
Static | Select this option to connect to a remote IPSec router that uses a static IP address. Select the VPN gateway this VPN connection is to use or select Create Object to add another VPN gateway for this VPN connection to use. |
Dynamic Peer | Select this option to connect to a remote IPSec router that uses a dynamic IP address. Only the peer will be able to initiate the VPN tunnel. Select the VPN gateway this VPN connection is to use or select Create Object to add another VPN gateway for this VPN connection to use. |
Remote Access | Select this option to configure a VPN connection policy for management access to the ZyWALL. Only the peer will be able to initiate the VPN tunnel. Select the VPN gateway this VPN connection is to use or select Create Object to add another VPN gateway for this VPN connection to use. |
Manual Key | Select this option to configure a VPN connection policy that uses a manual key instead of IKE key management. This may be useful if you have problems with IKE key management. See Section 20.2.2 on page 360 for how to configure the manual key fields. Note: Only use manual key as a temporary solution, because it is not as secure as a regular IPSec SA. |
Policy | Click Advanced to display more settings. Click Basic to display fewer settings. |
Local Policy | Select the address or address group corresponding to the local network. Select Create Object to configure a new one. |
Remote Policy | Select the address or address group corresponding to the remote network. Select Create Object to configure a new one. |
Policy Enforcement | Clear this to allow traffic with source and destination IP addresses that do not match the local and remote policy to use the VPN tunnel. Leave this cleared for free access between the local and remote networks. Note: Clear this to use the IPSec SA in a VPN concentrator. Selecting this restricts who can use the VPN tunnel. The ZyWALL drops traffic with source and destination IP addresses that do not match the local and remote policy. |
Phase 2 Settings | Click Advanced to display more settings. Click Basic to display fewer settings. |
ZyWALL USG 100/200 Series User’s Guide