Chapter 14 IPSec VPN
Figure 189 SECURITY > VPN > Global Setting
The following table describes the labels in this screen.
Table 74 SECURITY > VPN > Global Setting
LABEL | DESCRIPTION |
Output Idle Timer | The ZyWALL disconnects a VPN tunnel if the remote IPSec router does not |
| reply for this number of seconds. |
|
|
Input Idle Timer | When no traffic is received from a remote IPSec router after the specified |
| time period, the ZyWALL disconnects the VPN tunnel. 0 disables the check |
| (this is the default setting). |
| The output idle timer never takes effect if you set this timer to a shorter |
| period. |
|
|
Gateway Domain | This field is applicable when you enter a domain name to identify the |
Name Update Timer | ZyWALL and/or the remote secure gateway. |
| Enter the time period (between 2 and 60 minutes) to wait before the ZyWALL |
| updates the domain name and IP address mapping through a DNS server. |
| The ZyWALL rebuilds the VPN tunnel if it finds that the domain name is now |
| using a different IP address (any users of the VPN tunnel will be temporarily |
| disconnected). |
| Enter 0 to disable this feature. |
|
|
Adjust TCP Maximum | The TCP packets are larger after the ZyWALL encrypts them for VPN. The |
Segment Size | ZyWALL fragments packets that are larger than a connection’s MTU |
| (Maximum Transmit Unit). |
| In most cases you should leave this set to Auto. The ZyWALL automatically |
| sets the Maximum Segment Size (MSS) of the TCP packets that are to be |
| encrypted by VPN based on the encapsulation type. |
| Select Off to not adjust the MSS for the encrypted TCP packets. |
| If your network environment causes fragmentation issues that are affecting |
| your throughput performance, you can manually set a smaller MSS for the |
| TCP packets that are to be encrypted by VPN. Select |
| specify a size from 0~1460 bytes. 0 has the ZyWALL use the auto setting. |
|
|
288 |
| |
ZyWALL 2 Plus User’s Guide |
| |
|
|
|