ZyWALL 5/35/70 Series User’s Guide
The following table describes the labels in this screen.
Table 101 VPN Rules (IKE): Gateway Policy: Edit
| LABEL | DESCRIPTION |
| --- | --- |
| Property | |
| Name | Type up to 32 characters to identify this VPN gateway policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces. |
| NAT Traversal | Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. |
| | Note: The remote IPSec router must also have NAT traversal enabled. See Section 19.6 on page 306 for more information. |
| | You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but not with AH protocol nor with manual key management. In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router. |
| Gateway Policy Information | |
| My ZyWALL | When the ZyWALL is in router mode, this field identifies the WAN IP address or domain name of the ZyWALL. You can select My Address and enter the ZyWALL's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. |
| | For a ZyWALL with multiple WAN ports, the following applies if the My ZyWALL field is configured as 0.0.0.0: |
| | • When the WAN port operation mode is set to Active/Passive, the ZyWALL uses the IP address (static or dynamic) of the WAN port that is in use. |
| | • When the WAN port operation mode is set to Active/Active, the ZyWALL uses the IP address (static or dynamic) of the primary (highest priority) WAN port to set up the VPN tunnel as long as the corresponding WAN1 or WAN2 connection is up. If the corresponding WAN1 or WAN2 connection goes down, the ZyWALL uses the IP address of the other WAN port. |
| | • If both WAN connections go down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect. |
| | A ZyWALL with a single WAN port uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the ZyWALL uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. |
| | Otherwise, you can select My Domain Name and choose one of the dynamic domain names that you have configured (in the DDNS screen) to have the ZyWALL use that dynamic domain name's IP address. |
| | When the ZyWALL is in bridge mode, this field is ZyWALL’s IP address. |
| | The VPN tunnel has to be rebuilt if the My ZyWALL IP address changes after setup. |
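
The following Python sketch is an added example, not ZyXEL code or part of the original guide. It models the router-mode address selection described for the My ZyWALL field when it is left at 0.0.0.0, and lists the points at which the address changes and the tunnel has to be rebuilt. The names `Wan`, `resolve_my_zywall` and `rebuild_points`, the priority numbering, and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Wan:
    name: str
    ip: str
    up: bool
    priority: int = 1      # assumption: lower number = higher priority
    in_use: bool = False   # Active/Passive: the port currently carrying traffic

def resolve_my_zywall(my_address, wans, mode="active/active",
                      dial_backup_ip=None, redirect_lan_ip=None):
    """Return (local_ip, reason) for the tunnel endpoint in router mode."""
    if my_address != "0.0.0.0":
        return my_address, "static My Address"
    live = [w for w in wans if w.up]
    if live and len(wans) == 1:
        return live[0].ip, "current WAN IP"
    if live and mode == "active/passive":
        port = next((w for w in live if w.in_use), live[0])
        return port.ip, f"{port.name} in use"
    if live:  # Active/Active: primary while it is up, otherwise the other port
        port = min(live, key=lambda w: w.priority)
        primary = min(wans, key=lambda w: w.priority)
        return port.ip, ("primary " if port is primary else "failover to ") + port.name
    # Every WAN connection is down (checking dial backup first is an assumption).
    if dial_backup_ip:
        return dial_backup_ip, "dial backup"
    if redirect_lan_ip:
        return redirect_lan_ip, "traffic redirect (LAN IP)"
    return None, "no usable address"

def rebuild_points(states, **kw):
    """Steps at which the resolved address changes, so the tunnel must be rebuilt."""
    changes, prev = [], None
    for step, wans in enumerate(states):
        ip, reason = resolve_my_zywall("0.0.0.0", wans, **kw)
        if step and ip != prev:
            changes.append((step, prev, ip, reason))
        prev = ip
    return changes

# Constructed sample: WAN1 fails, then WAN2 fails too (documentation-range addresses).
def _pair(up1, up2):
    return [Wan("WAN1", "198.51.100.10", up1, 1), Wan("WAN2", "203.0.113.20", up2, 2)]
SAMPLE_STATES = [_pair(True, True), _pair(False, True), _pair(False, False)]

if __name__ == "__main__":
    for change in rebuild_points(SAMPLE_STATES, dial_backup_ip="192.0.2.50"):
        print(change)
```

Each reported change is also a point at which the remote IPSec router sees a different peer address, so a remote gateway policy that pins the peer to one static address would need to account for every address listed.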
Chapter 19 VPN Screens, page 316