Chapter 20 IPSec VPN

Table 91 VPN > IPSec VPN > VPN Connection > Edit (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Policy Enforcement | Select this if you want the ZyWALL to drop traffic whose source and destination IP addresses do not match the local and remote policy. This makes the IPSec SA more secure. Note: You must clear this field, however, if you want to use the IPSec SA in a VPN concentrator. |
| Local Policy | Select the address or address group corresponding to the local network. Select Create Object to configure a new one. |
| Remote Policy | Select the address or address group corresponding to the remote network. Select Create Object to configure a new one. |
| Property | |
| | Select this if you want the ZyWALL to automatically renegotiate the IPSec SA when the SA life time expires. |
| Enable Replay Detection | Select this check box to detect and reject old or duplicate packets to protect against |
| Enable NetBIOS Broadcast over IPSec | Select this check box if you want the ZyWALL to send NetBIOS (Network Basic Input/Output System) packets through the IPSec SA. NetBIOS packets are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. It may sometimes be necessary to allow NetBIOS packets to pass through IPSec SAs in order to allow local computers to find computers on the remote network and vice versa. |
| Advanced/Basic | Click this button to show or hide the Inbound/Outbound traffic NAT fields. |
| Inbound/Outbound traffic NAT | Click the Advanced or Basic button to show or hide this section. |
| Outbound Traffic | |
| Source NAT | This translation hides the source address of computers in the local network. It may also be necessary if you want the ZyWALL to route packets from computers outside the local network through the IPSec SA. |
| Source | Select the address object that represents the original source address (or select Create Object to configure a new one). This is the address object for the computer or network outside the local network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT). |
| Destination | Select the address object that represents the original destination address (or select Create Object to configure a new one). This is the address object for the remote network. |
| SNAT | Select the address object that represents the translated source address (or select Create Object to configure a new one). This is the address object for the local network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT). |
| Inbound Traffic | |
| Source NAT | This translation hides the source address of computers in the remote network. |
| Source | Select the address object that represents the original source address (or select Create Object to configure a new one). This is the address object for the remote network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT). |
| Destination | Select the address object that represents the original destination address (or select Create Object to configure a new one). This is the address object for the local network. |
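The following is an added example, not ZyWALL code or part of the original guide: a small Python model of how Policy Enforcement and outbound Source NAT interact, showing why a packet from outside the local network is dropped unless SNAT first translates it into the local policy. The addresses, the function names, the use of CIDR subnets for address objects, the offset-preserving mapping and the translate-then-check order are all assumptions made for illustration.

```python
import ipaddress as ip

# Constructed sample addressing (not from the guide).
LOCAL, REMOTE = "192.168.1.0/24", "10.0.0.0/24"   # Local Policy / Remote Policy
DMZ = "172.16.5.0/24"                              # a network outside the local policy

def snat(src, original, translated):
    """Outbound Source NAT: map Source onto SNAT, keeping the host offset (assumed)."""
    original, translated = ip.ip_network(original), ip.ip_network(translated)
    # The guide requires the Source and SNAT ranges to be the same size.
    if original.num_addresses != translated.num_addresses:
        raise ValueError("Source and SNAT ranges must be the same size")
    src = ip.ip_address(src)
    if src not in original:
        return src                      # rule does not apply; address unchanged
    return translated.network_address + (int(src) - int(original.network_address))

def outbound(src, dst, local=LOCAL, remote=REMOTE, enforce=True, snat_rule=None):
    """Return (action, source address used inside the tunnel) for one packet."""
    # Assumed order: translate first, then compare against the policy.
    src_t = snat(src, *snat_rule) if snat_rule else ip.ip_address(src)
    matches = (src_t in ip.ip_network(local)
               and ip.ip_address(dst) in ip.ip_network(remote))
    if enforce and not matches:
        return ("drop", str(src_t))     # Policy Enforcement rejects the mismatch
    return ("forward", str(src_t))

if __name__ == "__main__":
    print(outbound("192.168.1.10", "10.0.0.5"))
    print(outbound("172.16.5.20", "10.0.0.5"))
    print(outbound("172.16.5.20", "10.0.0.5", snat_rule=(DMZ, LOCAL)))
```

With enforcement cleared (`enforce=False`), the untranslated packet is forwarded with its original source address, which is the looser behaviour the Policy Enforcement field is there to prevent.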
ZyWALL USG 1000 User’s Guide