Chapter 20 IPSec VPN

Each field is discussed in the following table. See Section 20.2.2 on page 292 and Section 20.2.1 on page 286 for more information.

Table 106 Configuration > VPN > IPSec VPN > VPN Connection

| LABEL | DESCRIPTION |
|---|---|
| Use Policy Route to control dynamic IPSec rules | Select this to be able to use policy routes to manually specify the destination addresses of dynamic IPSec rules. You must manually create these policy routes. The ZyWALL automatically obtains source and destination addresses for dynamic IPSec rules that do not match any of the policy routes. Clear this to have the ZyWALL automatically obtain source and destination addresses for all dynamic IPSec rules. |
| Ignore "Don't Fragment" setting in packet header | Select this to fragment packets larger than the MTU (Maximum Transmission Unit) that have the "don't fragment" bit in the IP header turned on. When you clear this the ZyWALL drops packets larger than the MTU that have the "don't fragment" bit in the header turned on. |
| Add | Click this to create a new entry. |
| Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry's settings. |
| Remove | To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. |
| Activate | To turn on an entry, select it and click Activate. |
| Inactivate | To turn off an entry, select it and click Inactivate. |
| Connect | To connect an IPSec SA, select it and click Connect. |
| Disconnect | To disconnect an IPSec SA, select it and click Disconnect. |
| Object Reference | Select an entry and click Object Reference to open a screen that shows which settings use the entry. See Section 7.3.2 on page 122 for an example. |
| # | This field is a sequential value, and it is not associated with a specific connection. |
| Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. The connect icon is lit when the interface is connected and dimmed when it is disconnected. |
| Name | This field displays the name of the IPSec SA. |
| VPN Gateway | This field displays the associated VPN gateway(s). If there is no VPN gateway, this field displays "manual key". |
| Encapsulation | This field displays what encapsulation the IPSec SA uses. |
| Algorithm | This field displays what encryption and authentication methods, respectively, the IPSec SA uses. |
| Policy | This field displays the local policy and the remote policy, respectively. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to return the screen to its last-saved settings. |
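The following is an added example, not code from ZyXEL or this guide: a Python model of the drop-or-fragment decision that the Ignore "Don't Fragment" setting controls, applied to a constructed IPv4 packet. The function names, the 1400-byte MTU, the sample addresses, and the clearing of the DF bit on the resulting fragments are assumptions; the guide does not say how the ZyWALL builds its fragments.

```python
import struct

def checksum(hdr) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_packet(payload_len: int, df: bool) -> bytes:
    """Constructed sample: IPv4 packet (no options) between documentation addresses."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                                0x4000 if df else 0, 64, 17, 0,
                                bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", hdr, 10, checksum(hdr))
    return bytes(hdr) + bytes(payload_len)

def handle_packet(packet: bytes, mtu: int, ignore_df: bool):
    """Return (action, packets); action is 'forward', 'fragment' or 'drop'.
    Assumes the input is an unfragmented packet without IP options."""
    ihl = (packet[0] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", packet, 2)
    flags_off, = struct.unpack_from("!H", packet, 6)
    if total_len <= mtu:
        return "forward", [packet]
    if flags_off & 0x4000 and not ignore_df:
        return "drop", []  # setting cleared: oversized DF packets are dropped
    payload = packet[ihl:total_len]
    chunk = (mtu - ihl) // 8 * 8  # fragment offsets count 8-byte units
    frags = []
    for off in range(0, len(payload), chunk):
        part = payload[off:off + chunk]
        more = 0x2000 if off + chunk < len(payload) else 0  # MF on all but the last
        hdr = bytearray(packet[:ihl])
        struct.pack_into("!H", hdr, 2, ihl + len(part))
        struct.pack_into("!H", hdr, 6, more | (off // 8))  # DF cleared (assumption)
        struct.pack_into("!H", hdr, 10, 0)
        struct.pack_into("!H", hdr, 10, checksum(hdr))
        frags.append(bytes(hdr) + part)
    return "fragment", frags

if __name__ == "__main__":
    pkt = build_packet(1480, df=True)  # 1500 bytes on the wire, DF set
    for setting in (False, True):
        action, out = handle_packet(pkt, mtu=1400, ignore_df=setting)
        print("ignore_df=%s -> %s %s" % (setting, action, [len(p) for p in out]))
```

With the setting cleared, a sender relying on path MTU discovery must receive the resulting ICMP "fragmentation needed" message to recover, so check that such messages are not filtered on the path before leaving it cleared.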

 

 

20.2.1 The VPN Connection Add/Edit (IKE) Screen

The VPN Connection Add/Edit Gateway screen allows you to create a new VPN connection policy or edit an existing one. To access this screen, go to the Configuration > VPN Connection screen (see Section 20.2 on page 285), and click either the Add icon or an Edit icon.

ZyWALL 110/310/1100 Series User’s Guide