ZyXEL Communications 4.04 16.2 swSkipOverlapIp

Chapter 16 IPSec Commands

16.2 swSkipOverlapIp

Normally, we don't configure the local VPN policy rule’s IP addresses to overlap with the remote VPN policy rule’s IP addresses. For example, we don't configure both with 192.168.1.0. However, overlapping local and remote network IP addresses can occur in the following cases.

1You configure a dynamic VPN rule for a remote site. (See Figure 4 on page 128.)

For example, when you configure the ZyWALL X, you configure the local network as 192.168.1.0 and the remote network as any (0.0.0.0). The “any” includes all possible IP addresses. It will forward traffic from network A to network B even if both the sender (ex. 192.168.1.8) and the receiver (ex. 192.168.1.9) are in network A.

Figure 4 Dynamic VPN Rule

Using the command ipsec swSkipOverlapIp on has ZyWALL X check if a packet’s destination is also at the local network before forwarding the packet. If it is, the ZyWALL sends the traffic to the local network. Setting ipsec swSkipOverlapIp to off disables the checking for local network IP addresses.

2You configure an IP alias network that overlaps with the VPN remote network. (See Figure 5.)

For example, you have an IP alias network M (10.1.2.0/24) in ZyWALL X’s LAN. For the VPN rule, you configure the VPN network as follows.

•Local IP address start: 192.168.1.1, end: 192.168.1.254

•Remote IP address start: 10.1.2.240, end: 10.1.2.254 IP address 10.1.2.240 to 10.1.2.254 overlap.

Figure 5 IP Alias

128
128	ZyWALL (ZyNOS) CLI Reference Guide

Contents

www.zyxel.com Page About This CLI Reference Guide Intended Audience How To Use This Guide Contents Overview Index of Commands Page Document Conventions Warnings and Notes Syntax Conventions ip-address name Page Copy and Paste Commands Icons Used in Figures Contents Overview Introduction Appendices and Index of Commands Page Page Page How to Access and Use the CLI 1.1 Accessing the CLI 1.1.1 Console Port 1.1.2Telnet 1.1.3 SSH 1.2Logging in 1.3 Using Shortcuts and Getting Help Abbreviations 1.4 Saving Your Configuration 1.5 Logging Out Common Commands 2.1 Change the Idle Timeout 2.2 Interface Information Chapter 2 Common Commands To view information on all interfaces, enter ip ifconfig To view DHCP information on the LAN port, enter ip dhcp enif0 status Page To view the ARP table for the LAN port, enter ip arp status enif0 ip nat session To see the IP routing table, enter the following command 2.3 Basic System Information Use the following command to view the ZyWALL’s time and date Use the following command to restart your ZyWALL right away Page Use the following command to display all ZyWALL error logs 2.4 UTM and myZyXEL.com This command displays your ZyWALL’s registration information This command displays ZyWALL service registration details Page Page 2.5 Firewall 2.6 VPN 2.7 Dialing PPPoE and PPTP Connections This example shows dialing up remote node “WAN 1” using PPTP Page Page Antispam Commands 3.1 Command Summary 3.2 Command Examples Antivirus Commands 4.1 Command Summary Chapter 4 Antivirus Commands Table 12 av Commands (continued) Table 13 av Default Values 4.2 Command Examples Auxiliary (Dial Backup) Commands 5.1 Command Summary 5.2 Command Examples This example displays the dial backup port’s transmit and receive rates Table 17 aux rate aux0 This example displays details about the dial backup port’s signal Table 18 aux rate aux0 Table 18 aux rate aux0 (continued) Bandwidth Management Page Page Page Page Page Page Page Bridge Commands 7.1 Command Summary Chapter 7 Bridge Commands Table 22 Bridge Commands (continued) 7.2 Command Examples Page Certificates Commands 8.1 Command Summary Chapter 8 Certificates Commands The following section lists the certificates commands Table 24 Certificates Commands Table 24 Certificates Commands (continued) 8.2 Command Examples 8.2.1 Saving Certificates as PEM-encodedFormat 2Click Details and Copy to File Next Base-64 encoded X.509 (.CER) Finish CNM Agent Commands 9.1 Command Summary 9.2 Command Examples Page Page Configuration Commands 10.1 Command Summary day entry# mask string, e mail timeout Table 27 config Command Summary (continued) Page Page Page Page Page Page 10.2 Default Values 10.3 Command Examples 10.3.1 Firewall Example index The following table shows the interfaces assigned to each set number Table 31 Set-InterfaceAssignments LAN to WAN1 WAN1 to LAN DMZ to LAN Page 10.3.2 Anti-spamExample 10.3.3 Custom Service Example Device Related Commands 11.1 Overview 11.2 Command Summary 11.3 Command Example Ethernet Commands 12.1 Command Summary 12.2 Command Examples Firewall Commands 13.1 Command Summary Chapter 13 Firewall Commands The following section lists the firewall commands Table 39 Firewall Commands 13.2 Command Examples Page Page Page IDP Commands 14.1 Command Summary Chapter 14 IDP Commands Table 40 IDP Commands (continued) Page 14.2 Command Examples IP Commands 15.1 Command Summary 15.1.1 ALG Commands 15.1.2 ARP Commands 15.1.3 ARP Behavior and the ARP ackGratuitous Command Details 15.1.3.1 Commands for Using or Ignoring Gratuitous ARP Requests to have the ZyWALL update the MAC address in the ARP entry to have the ZyWALL not update the MAC address in the ARP entry 15.1.4 Binding Commands 15.1.5 Content Filtering Commands Table 45 Content Filtering Commands (continued) Page Page 15.1.6 Content Filtering Command Examples • Schedule Period: 9:00 A.M. to 5:30 P.M 15.1.7 Custom Port Commands 15.1.8 DHCP Commands 15.1.9 DNS Commands Table 48 DNS Commands (continued) Page 15.1.10 DNS Command Examples 15.1.11 HTTP Commands 15.1.12 ICMP Commands 15.1.13 ICMP Command Example 15.1.14 IGMP Commands 15.1.15 IGMP Command Example 15.1.16 NAT Commands 15.1.17 NAT Routing Command Example 15.1.18 Route Commands 15.1.19 Report and Status Commands 15.1.20 Static Route Commands 15.1.21 Static Route Command Example 15.1.22 Traffic Redirect Commands 15.1.23 Other IP Commands 15.1.24 Interface Command Example 15.1.25 Ping Command Example Page IPSec Commands 16.1 Command Summary Chapter 16 IPSec Commands Table 61 Ipsec Commands (continued) Page Page Page Page Page 16.2 swSkipOverlapIp 16.3 Detect Zombie Tunnels in Tunnel or Gateway Mode 16.4 Command Examples This example adds an IPSec rule as follows 1The IPSec Rule Index: 2Rule Name: VPN-ph2 3Active 4Link the IPSec settings with which IKE index rule: Page Load Balancing Commands 17.1 Command Summary 17.2 Command Examples myZyXEL.com Commands ZyWALL 18.1Command Summary 18.2 Country Codes Page Page Page Page Page 18.3 Command Examples Table 66 sys myZyxelCom serviceDisplay Command Output Page PPPoE Commands 19.1 Command Summary 19.2 Command Examples wan_1 Page PPTP Commands 20.1 Command Summary 20.2 Command Examples System Commands 21.1 Local User Database Commands 21.2 Local User Database Commands Example 21.3 Date and Time Commands 21.4 Diagnostic Commands 21.4.1 Logs Commands Table 74 Logs Commands (continued) Page 21.5Configuring What You Want the ZyWALL to Log 21.5.1Displaying Logs 21.5.2Log Command Example 21.6 Remote Node Commands 21.7 Remote Management Commands 21.8 Remote Management Commands Example 21.9 Threat Report Commands 21.10 Temporarily Open Session Commands 21.10.1 UPnP Commands 21.10.2 UPnP Commands Example 21.10.3 Other System Commands Table 80 Other sys Commands (continued) Page Wireless Commands 22.1 Command Summary Chapter 22 Wireless Commands Table 81 General Wireless Commands (continued) Table 82 Wireless SSID Profile Commands Table 83 Wireless WEP Key Command Input Values 22.2 Command Examples •Security profile name: Sec-01 •Security mode: WPA2 with Pre-SharedKey •Group key update time interval: every 600 seconds •Passphrase: aaaaaaaa •SSID profile name: SSID-01 WWAN Commands 23.1 Command Summary Chapter 23 WWAN Commands Table 86 wwan Command Summary (continued) Table 87 wwan Default Values 23.2 Command Examples Page Page Page Page Legal Information Copyright Disclaimer Trademarks Certifications FCC Radiation Exposure Statement Notices Viewing Certifications ZyXEL Limited Warranty Note Registration Page Customer Support Required Information Corporate Headquarters (Worldwide) China - ZyXEL Communications (Beijing) Corp China - ZyXEL Communications (Shanghai) Corp Costa Rica Czech Republic Denmark Finland France Germany Hungary India Japan Kazakhstan Malaysia North America Norway Poland Russia Singapore Spain Sweden Taiwan Thailand Turkey Ukraine United Kingdom Index of Commands