ZyXEL Communications USG 2000 445

Chapter 25 IPSec VPN

SA). Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order.

Figure 328 Configuration > VPN > IPSec VPN > VPN Connection

Each field is discussed in the following table. See Section 25.2.2 on page 453 and Section 25.2.1 on page 446 for more information.

Table 117 Configuration > VPN > IPSec VPN > VPN Connection

LABEL	DESCRIPTION
Use Policy	Select this to be able to use policy routes to manually specify the
Route to	destination addresses of dynamic IPSec rules. You must manually create
control	these policy routes. The ZyWALL automatically obtains source and
dynamic	destination addresses for dynamic IPSec rules that do not match any of
IPSec rules	the policy routes.
	Clear this to have the ZyWALL automatically obtain source and
	destination addresses for all dynamic IPSec rules.
	See Section 6.4.2 on page 101 for how this option affects the routing
	table.

Ignore	Select this to fragment packets larger than the MTU (Maximum
""Don't	Transmission Unit) that have the “don’t” fragment” bit in the IP header
Fragment""	turned on. When you clear this the ZyWALL drops packets larger than the
setting in	MTU that have the “don’t” fragment” bit in the header turned on.
packet header

Add	Click this to create a new entry.

Edit	Double-click an entry or select it and click Edit to open a screen where
	you can modify the entry’s settings.

Remove	To remove an entry, select it and click Remove. The ZyWALL confirms
	you want to remove it before doing so.

Activate	To turn on an entry, select it and click Activate.

Inactivate	To turn off an entry, select it and click Inactivate.

Connect	To connect an IPSec SA, select it and click Connect.