ZyWALL 5/35/70 Series User’s Guide
The following table describes the labels in this screen.
Table 102 VPN Rules (IKE): Network Policy Edit
LABEL | DESCRIPTION
Active | If the Active check box is selected, packets for the tunnel trigger the ZyWALL to build the tunnel. Clear the Active check box to turn the network policy off. The ZyWALL does not apply the policy. Packets for the tunnel do not trigger the tunnel. If you clear the Active check box while the tunnel is up (and click Apply), you turn off the network policy and the tunnel goes down.
Name | Type a name to identify this VPN network policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces.
Protocol | Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
 | Select this check box to turn on the nailed up feature for this SA. Turn on nailed up to have the ZyWALL automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The ZyWALL also reinitiates the SA when it restarts. The ZyWALL also rebuilds the tunnel if it was disconnected due to the output or input idle timer.
Allow NetBIOS Traffic Through IPSec Tunnel | This field is not available when the ZyWALL is in bridge mode. NetBIOS (Network Basic Input/Output System) packets are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa. Select this check box to send NetBIOS packets through the VPN connection.
Check IPSec Tunnel Connectivity | Select the check box and configure an IP address in the Ping this Address field to have the ZyWALL periodically test the VPN tunnel to the remote IPSec router. The ZyWALL pings the IP address every minute. The ZyWALL starts the IPSec connection idle timeout timer when it sends the ping packet. If there is no traffic from the remote IPSec router by the time the timeout period expires, the ZyWALL disconnects the VPN tunnel.
Log | Select this check box to set the ZyWALL to create logs when it cannot ping the remote device.
Ping this Address | If you select Check IPSec Tunnel Connectivity, enter the IP address of a computer at the remote IPSec network. The computer's IP address must be in this IP policy's remote range (see the Remote Network fields).
Gateway Policy Information |
Gateway Policy | Select the gateway policy with which you want to use the VPN policy.
Local Network | Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Address Type | Use the … Subnet Address. Select Single Address for a single IP address. Select Range Address for a specific range of IP addresses. Select Subnet Address to specify IP addresses on a network by their subnet mask.
Chapter 19 VPN Screens
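The Ping this Address and Local Network rows above state two constraints that can be checked offline before a policy set is applied. The following is an added example, not ZyXEL code: the policy dictionaries, their field names and the sample addresses are constructed for illustration and do not reflect a ZyWALL export format, and comparing address sets across address types is this audit's own interpretation of "the same".

```python
import ipaddress
from itertools import combinations

def span(addr):
    """Turn (type, a, b) into an inclusive (first, last) pair of integers."""
    kind, a, b = addr
    if kind == "single":
        first = last = int(ipaddress.ip_address(a))
    elif kind == "range":
        first, last = int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b))
    elif kind == "subnet":  # b is the subnet mask, e.g. 255.255.255.0
        net = ipaddress.ip_network(f"{a}/{b}", strict=False)
        first, last = int(net.network_address), int(net.broadcast_address)
    else:
        raise ValueError(f"unknown address type: {kind}")
    if first > last:
        raise ValueError(f"range start is above range end: {a}-{b}")
    return first, last

def audit(policies):
    """Return findings for the two rules stated in the table."""
    findings = []
    # Rule 1: the ping target must lie inside the policy's remote range.
    for p in policies:
        if p["ping"]:
            first, last = span(p["remote"])
            if not first <= int(ipaddress.ip_address(p["ping"])) <= last:
                findings.append(f"{p['name']}: ping address {p['ping']} is outside the remote range")
    # Rule 2: two active policies may share local or remote addresses, not both.
    active = [p for p in policies if p["active"]]
    for x, y in combinations(active, 2):
        if span(x["local"]) == span(y["local"]) and span(x["remote"]) == span(y["remote"]):
            findings.append(f"{x['name']} and {y['name']}: both active with the same local and remote addresses")
    return findings

# Constructed sample policies (not taken from a real device).
HQ = ("subnet", "192.168.1.0", "255.255.255.0")
BRANCH_A = ("subnet", "10.0.0.0", "255.255.255.0")
SAMPLE = [
    {"name": "branch-a", "active": True, "local": HQ, "remote": BRANCH_A, "ping": "10.0.0.5"},
    {"name": "branch-a-dup", "active": True, "local": ("range", "192.168.1.0", "192.168.1.255"),
     "remote": ("range", "10.0.0.0", "10.0.0.255"), "ping": "10.0.1.5"},
    {"name": "branch-a-standby", "active": False, "local": HQ, "remote": BRANCH_A, "ping": None},
    {"name": "branch-b", "active": True, "local": HQ, "remote": ("single", "10.0.9.1", None), "ping": "10.0.9.1"},
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

The inactive standby policy duplicates branch-a without a finding, matching the table's allowance for multiple SAs between the same addresses when only one is active.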