Chapter 14 IPSec VPN
The following table describes the labels in this screen.
Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy
LABEL | DESCRIPTION
Property |
Name | Type up to 32 characters to identify this VPN gateway policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces.
NAT Traversal | Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. Note: The remote IPSec router must also have NAT traversal enabled. See Section 14.3.1.5 on page 261 for more information. You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but not with AH protocol nor with manual key management. In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP ports 500 and 4500 to the IPSec router behind the NAT router.
Gateway Policy Information |
My ZyWALL | When the ZyWALL is in router mode, this field identifies the WAN IP address or domain name of the ZyWALL. You can select My Address and enter the ZyWALL's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. Otherwise, you can select My Domain Name and choose one of the dynamic domain names that you have configured (in the DDNS screen) to have the ZyWALL use that dynamic domain name's IP address. When the ZyWALL is in bridge mode, this field is ZyWALL’s IP address. The VPN tunnel has to be rebuilt if the My ZyWALL IP address changes after setup.
Primary Remote Gateway | Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address. In order to have more than one active rule with the Primary Remote Gateway field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules. If you configure an active rule with 0.0.0.0 in the Primary Remote Gateway field and the LAN’s full IP address range as the local IP address, then you cannot configure any other active rules with the Primary Remote Gateway field set to 0.0.0.0.
Enable IPSec High Availability | Turn on the high availability feature to use a redundant (backup) VPN connection to another WAN interface on the remote IPSec router if the primary (regular) VPN connection goes down. The remote IPSec router must have a second WAN connection in order for you to use this. To use this, you must identify both the primary and the redundant remote IPSec routers by WAN IP address or domain name (you cannot set either to 0.0.0.0).
Redundant Remote Gateway | Type the WAN IP address or the domain name (up to 31 characters) of the backup IPSec router to use when the ZyWALL cannot connect to the primary remote gateway.
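
The remote gateway constraints in this table (non-overlapping local ranges between active rules set to 0.0.0.0, and no 0.0.0.0 peers when high availability is on) can be checked offline before rules are entered. The following is an added example, not part of this guide or the ZyWALL firmware; the rule dictionary keys, the single CIDR per rule and the sample values are assumptions.

```python
import ipaddress
from itertools import combinations

DYNAMIC = "0.0.0.0"  # table's value for a remote router with a dynamic WAN IP

def clean_name(rule):
    return rule["name"].rstrip(" ")  # the ZyWALL drops trailing spaces

def audit_gateway_policies(rules):
    """Return (rule_name, problem) pairs for active rules that break the
    constraints in the table. Rule dict keys are hypothetical: name, active,
    primary, redundant, ha, local (CIDR of the rule's local addresses)."""
    findings = []
    active = [r for r in rules if r.get("active", True)]
    for r in active:
        if len(clean_name(r)) > 32:
            findings.append((clean_name(r), "name longer than 32 characters"))
        for field in ("primary", "redundant"):
            value = r.get(field) or ""
            if len(value) > 31:
                findings.append((clean_name(r), f"{field} gateway longer than 31 characters"))
            # High availability needs both peers identified by address or name.
            if r.get("ha") and value in ("", DYNAMIC):
                findings.append((clean_name(r), f"HA needs a fixed {field} gateway, not 0.0.0.0"))
    # Active rules with Primary Remote Gateway 0.0.0.0 must not share local addresses.
    dynamic = [r for r in active if r.get("primary") == DYNAMIC]
    for a, b in combinations(dynamic, 2):
        net_a, net_b = (ipaddress.ip_network(r["local"]) for r in (a, b))
        if net_a.overlaps(net_b):
            findings.append((clean_name(a), f"local range overlaps rule {clean_name(b)!r}"))
    return findings

# Constructed sample policies (not taken from a real device).
SAMPLE = [
    {"name": "branch-a ", "primary": "0.0.0.0", "local": "192.168.1.0/24"},
    {"name": "roadwarrior", "primary": "0.0.0.0", "local": "192.168.1.128/25"},
    {"name": "hq-ha", "primary": "vpn1.example.com", "redundant": "0.0.0.0",
     "ha": True, "local": "192.168.2.0/24"},
    {"name": "lab", "active": False, "primary": "0.0.0.0", "local": "192.168.1.0/24"},
]

if __name__ == "__main__":
    for name, problem in audit_gateway_policies(SAMPLE):
        print(f"{name}: {problem}")
```

The inactive "lab" rule is ignored because the overlap restriction applies only to active rules.
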
ZyWALL 2 Plus User’s Guide