| ZyWALL 2 and ZyWALL 2WE | |
| Table | |
|
| |
LABEL | DESCRIPTION | |
|
| |
| Select this check box to turn on the keep alive feature for this SA. | |
Keep Alive | Turn on keep alive to have the ZyWALL automatically reinitiate the SA after the SA | |
| lifetime times out, even if there is no traffic. The remote IPSec router must also have | |
| keep alive enabled in order for this feature to work. | |
|
| |
IPSec Keying Mode | Select IKE or Manual Key from the | |
so it is generally recommended. Manual Key is a useful option for troubleshooting. | ||
| ||
|
| |
NAT Traversal | Select this check box to enable NAT traversal. NAT traversal allows you to set up a | |
| VPN connection when there are NAT routers between the two IPSec routers. | |
| The remote IPSec router must also have NAT traversal enabled. | |
| You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but | |
| not with AH protocol nor with manual key management. In order for an IPSec router | |
| behind a NAT router to receive an initiating IPSec packet, set the NAT router to | |
| forward UDP port 500 to the IPSec router behind the NAT router. | |
|
| |
| The local IP address must be static and correspond to the remote IPSec router's | |
| configured remote IP addresses. | |
Local Address | Two active SAs can have the same local or remote IP address, but not both. You can | |
| configure multiple SAs between the same local and remote IP addresses, as long as | |
| only one is active at any time. | |
|
| |
| Remote IP addresses must be static and correspond to the remote IPSec router's | |
| configured local IP addresses. The remote address fields do not apply when the | |
| Secure Gateway Address field is configured to 0.0.0.0. In this case only the remote | |
Remote Address Start | IPSec router can initiate the VPN. | |
Two active SAs can have the same local or remote IP address, but not both. You can | ||
| configure multiple SAs between the same local and remote IP addresses, as long as | |
| only one is active at any time. | |
| Enter a (static) IP address on the network behind the remote IPSec router. | |
|
| |
| When the remote IP address is a single address, type it a second time here. | |
Remote Address | When the remote IP address is a range, enter the end (static) IP address, in a range of | |
computers on the network behind the remote IPSec router. | ||
End/Mask | ||
When the remote IP address is a subnet address, enter a subnet mask on the network | ||
| ||
| behind the remote IPSec router. | |
|
|
VPN/IPSec Setup |