Chapter 25 IPSec VPN

SA). Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order.

Figure 328 Configuration > VPN > IPSec VPN > VPN Connection

Each field is discussed in the following table. See Section 25.2.2 on page 453 and Section 25.2.1 on page 446 for more information.

Table 117 Configuration > VPN > IPSec VPN > VPN Connection

LABEL

DESCRIPTION

Use Policy

Select this to be able to use policy routes to manually specify the

Route to

destination addresses of dynamic IPSec rules. You must manually create

control

these policy routes. The ZyWALL automatically obtains source and

dynamic

destination addresses for dynamic IPSec rules that do not match any of

IPSec rules

the policy routes.

 

Clear this to have the ZyWALL automatically obtain source and

 

destination addresses for all dynamic IPSec rules.

 

See Section 6.4.2 on page 101 for how this option affects the routing

 

table.

 

 

Ignore

Select this to fragment packets larger than the MTU (Maximum

""Don't

Transmission Unit) that have the “don’t” fragment” bit in the IP header

Fragment""

turned on. When you clear this the ZyWALL drops packets larger than the

setting in

MTU that have the “don’t” fragment” bit in the header turned on.

packet header

 

 

 

Add

Click this to create a new entry.

 

 

Edit

Double-click an entry or select it and click Edit to open a screen where

 

you can modify the entry’s settings.

 

 

Remove

To remove an entry, select it and click Remove. The ZyWALL confirms

 

you want to remove it before doing so.

 

 

Activate

To turn on an entry, select it and click Activate.

 

 

Inactivate

To turn off an entry, select it and click Inactivate.

 

 

Connect

To connect an IPSec SA, select it and click Connect.

 

 

 

445

ZyWALL USG 2000 User’s Guide