Chapter 23 IPSec VPN

 

Table 113 Configuration > VPN > IPSec VPN > VPN Connection > Edit (continued)

 

| LABEL | DESCRIPTION |
| --- | --- |
| Check Method | Select how the ZyWALL checks the connection. The peer must be configured to respond to the method you select. Select icmp to have the ZyWALL regularly ping the address you specify to make sure traffic can still go through the connection. You may need to configure the peer to respond to pings. Select tcp to have the ZyWALL regularly perform a TCP handshake with the address you specify to make sure traffic can still go through the connection. You may need to configure the peer to accept the TCP connection. |
| Check Port | This field displays when you set the Check Method to tcp. Specify the port number to use for a TCP connectivity check. |
| Check Period | Enter the number of seconds between connection check attempts. |
| Check Timeout | Enter the number of seconds to wait for a response before the attempt is a failure. |
| Check Fail Tolerance | Enter the number of consecutive failures allowed before the ZyWALL disconnects the VPN tunnel. The ZyWALL resumes using the first peer gateway address when the VPN connection passes the connectivity check. |
| Check this Address | Select this to specify a domain name or IP address for the connectivity check. Enter that domain name or IP address in the field next to it. |
| Check the First and Last IP Address in the Remote Policy | Select this to have the ZyWALL check the connection to the first and last IP addresses in the connection’s remote policy. Make sure one of these is the peer gateway’s LAN IP address. |
| Log | Select this to have the ZyWALL generate a log every time it checks this VPN connection. |
| Inbound/Outbound traffic NAT | |
| Outbound Traffic | |
| Source NAT | This translation hides the source address of computers in the local network. It may also be necessary if you want the ZyWALL to route packets from computers outside the local network through the IPSec SA. |
| Source | Select the address object that represents the original source address (or select Create Object to configure a new one). This is the address object for the computer or network outside the local network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT). |
| Destination | Select the address object that represents the original destination address (or select Create Object to configure a new one). This is the address object for the remote network. |
| SNAT | Select the address object that represents the translated source address (or select Create Object to configure a new one). This is the address object for the local network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT). |
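
The Source/SNAT size rule stated above can be checked before the address objects are entered. The following is an added example, not ZyWALL code: the object notation (host, CIDR subnet, start-end range), the sample addresses, and the offset-preserving mapping in translate() are assumptions made for illustration.

```python
import ipaddress

def parse_object(spec):
    """Return (first, last) IPv4 addresses of an address object.

    Assumed notation (not ZyWALL syntax): 'a.b.c.d' host,
    'a.b.c.d/nn' subnet, 'a.b.c.d-e.f.g.h' range.
    """
    spec = spec.strip()
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if hi < lo:
            raise ValueError(f"range end before start: {spec}")
        return lo, hi
    # strict=True rejects subnets written with host bits set, e.g. 10.1.1.5/24
    net = ipaddress.IPv4Network(spec, strict=True)
    return net[0], net[-1]

def size(obj):
    first, last = obj
    return int(last) - int(first) + 1

def check_snat_rule(source, snat):
    """Return (ok, message) for the rule that Source and SNAT sizes must match."""
    src, dst = parse_object(source), parse_object(snat)
    if size(src) != size(dst):
        return False, f"size mismatch: Source={size(src)} SNAT={size(dst)}"
    return True, f"ok: {size(src)} addresses each"

def translate(addr, source, snat):
    """Map one Source address to its SNAT address by offset (assumed 1:1 mapping)."""
    ok, msg = check_snat_rule(source, snat)
    if not ok:
        raise ValueError(msg)
    src, dst = parse_object(source), parse_object(snat)
    ip = ipaddress.IPv4Address(addr)
    if not src[0] <= ip <= src[1]:
        raise ValueError(f"{addr} is outside Source {source}")
    return str(dst[0] + (int(ip) - int(src[0])))

if __name__ == "__main__":
    # Constructed sample rules: (Source object, SNAT object)
    for source, snat in [("10.1.1.0/24", "192.168.50.0/24"),
                         ("10.1.1.0/24", "192.168.50.0/25"),
                         ("10.1.1.10-10.1.1.19", "192.168.50.100-192.168.50.109")]:
        print(source, "->", snat, check_snat_rule(source, snat))
```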

 

 

 

 


ZyWALL USG 50 User’s Guide