Chapter 14 IPSec VPN
Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy (continued)
LABEL | DESCRIPTION
Associated Network Policies | The following table shows the policy(ies) you configure for this rule. To add a VPN policy, click the add network policy icon in the VPN Rules (IKE) screen (see Figure 172 on page 256). Refer to Section 14.8 on page 278 for more information.
# | This field displays the policy index number.
Name | This field displays the policy name.
Local Network | This field displays one or a range of IP address(es) of the computer(s) behind the ZyWALL.
Remote Network | This field displays one or a range of IP address(es) of the remote network behind the remote IPsec router.
Apply | Click Apply to save your changes back to the ZyWALL.
Cancel | Click Cancel to exit this screen without saving.
14.6 IPSec SA Overview
Once the ZyWALL and remote IPSec router have established the IKE SA, they can securely negotiate an IPSec SA through which to send data between computers on the networks.
Note: The IPSec SA stays connected even if the underlying IKE SA is not available anymore.
This section introduces the key components of an IPSec SA.
14.6.1 Local Network and Remote Network
In an IPSec SA, the local network consists of devices connected to the ZyWALL and may be called the local policy. Similarly, the remote network consists of the devices connected to the remote IPSec router and may be called the remote policy.
You can configure a remote network as 0.0.0.0 (any) when:
• Forwarding all outgoing traffic to the remote gateway.
• The remote network's addresses are unknown or there are many remote networks using one VPN rule (see Section 14.15.1 on page 289 for an example of telecommuters sharing one VPN rule).
Note: It is not recommended to set a VPN rule’s local and remote network settings both to 0.0.0.0 (any).
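The following Python example is added here and is not part of the ZyWALL guide or firmware. It audits a list of network policies for the any/any combination described above and shows which policies a given source/destination pair would fall under. The policy records, their field names, the `start-end` range notation and the CIDR notation are assumptions made for illustration; the sample policies are constructed.

```python
import ipaddress

ANY = "0.0.0.0"  # the guide's "any" value for a network field

def bounds(field):
    """Return (first, last) address covered by a policy network field."""
    field = field.strip()
    if field == ANY:
        return ipaddress.IPv4Address(0), ipaddress.IPv4Address(2**32 - 1)
    if "-" in field:  # assumed range notation: start-end
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in field.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start after end: {field}")
        return lo, hi
    net = ipaddress.IPv4Network(field, strict=False)  # single address or CIDR
    return net[0], net[-1]

def covers(field, ip):
    """True if the network field includes the given IPv4 address."""
    lo, hi = bounds(field)
    return lo <= ipaddress.IPv4Address(ip) <= hi

def matching(policies, src, dst):
    """Names of policies whose local side covers src and remote side covers dst."""
    return [p["name"] for p in policies
            if covers(p["local"], src) and covers(p["remote"], dst)]

def audit(policies):
    """Flag any/any rules (not recommended) and list remote-any rules for review."""
    findings = []
    for p in policies:
        local_any, remote_any = (p[k].strip() == ANY for k in ("local", "remote"))
        if local_any and remote_any:
            findings.append((p["name"], "not recommended: local and remote both any"))
        elif remote_any:
            findings.append((p["name"], "review: remote is any"))
    return findings

# Constructed sample policies (not taken from the guide).
POLICIES = [
    {"name": "branch", "local": "192.168.1.0/24", "remote": "10.0.0.0/24"},
    {"name": "telecommuters", "local": "192.168.1.33-192.168.1.40", "remote": "0.0.0.0"},
    {"name": "catch-all", "local": "0.0.0.0", "remote": "0.0.0.0"},
]

if __name__ == "__main__":
    for name, note in audit(POLICIES):
        print(f"{name}: {note}")
    print(matching(POLICIES, "192.168.1.50", "8.8.8.8"))
```

In the sample set, traffic from 192.168.1.50 to 8.8.8.8 falls under no policy except the any/any one, which is the breadth the note above advises against.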
270 | ZyWALL 2 Plus User’s Guide