|
| ZyWALL 2 Series User’s Guide | |
|
| Table | |
|
|
|
|
| LABEL | DESCRIPTION |
|
|
|
|
|
| Remote IP | This is the IP address(es) of computer(s) on the remote network behind the remote IPSec |
|
| Address | router. |
|
|
| This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this |
|
|
| case only the remote IPSec router can initiate the VPN. |
|
|
| The same (static) IP address is displayed twice when the Remote Address Type field in |
|
|
| the Edit VPN Rule (or Manual Key) screen is configured to Single Address. |
|
|
| The beginning and ending (static) IP addresses, in a range of computers are displayed |
|
|
| when the Remote Address Type field in the Edit VPN Rule (or Manual Key) screen is |
|
|
| configured to Range Address. |
|
|
| A (static) IP address and a subnet mask are displayed when the Remote Address Type |
|
|
| field in the Edit VPN Rule (or Manual Key) screen is configured to Subnet Address. |
|
| Encap. | This field displays Tunnel or Transport mode (Tunnel is the default selection). |
|
|
|
|
|
| IPSec | This field displays the security protocols used for an SA. |
|
| Algorithm | Both AH and ESP increase ZyWALL processing requirements and communications |
|
|
|
| |
|
| latency (delay). |
|
|
|
|
|
| Secure | This is the static WAN IP address or URL of the remote IPSec router. This field displays |
|
| Gateway | 0.0.0.0 when you configure the Secure Gateway Address field in the Edit VPN Rule |
|
| Address | screen to 0.0.0.0. |
|
| Edit | Click Edit to edit the VPN policy. |
|
|
|
|
|
| Delete | Click Delete to remove the VPN policy. |
|
|
|
|
|
14.6 Keep Alive
When you initiate an IPSec tunnel with keep alive enabled, the ZyWALL automatically renegotiates the tunnel when the IPSec SA lifetime period expires (see section 14.13 for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an “always on” connection after you initiate it. Both IPSec routers must have a
If the ZyWALL has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep alive enabled, then no other tunnels can take a turn connecting to the ZyWALL because the ZyWALL never drops the tunnels that are already connected. Your ZyWALL model can support 5 simultaneous IPSec SAs.
VPN Screens |