Table 116 vpn > ipsec vpn > vpn connection > edit – ZyXEL Communications 200 Series User Manual


Chapter 20 IPSec VPN

ZyWALL USG 100/200 Series User’s Guide


Each field is described in the following table.

Table 116 VPN > IPSec VPN > VPN Connection > Edit

LABEL

DESCRIPTION

General Settings

Click Advanced to display more settings. Click Basic to display fewer settings.

Connection Name

Type the name used to identify this IPSec SA. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

Nailed-Up

Select this if you want the ZyWALL to automatically renegotiate the IPSec SA
when the SA life time expires.

Enable Replay Detection

Select this check box to detect and reject old or duplicate packets to protect
against Denial-of-Service attacks.

Enable NetBIOS Broadcast over IPSec

Select this check box if you want the ZyWALL to send NetBIOS (Network Basic Input/Output System) packets through the IPSec SA.
NetBIOS packets are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. It may sometimes be necessary to allow NetBIOS packets to pass through IPSec SAs in order to allow local computers to find computers on the remote network and vice versa.

VPN Gateway

Click Advanced to display more settings. Click Basic to display fewer settings.

Static Site-to-site

Select this option to connect to a remote IPSec router that uses a static IP
address. Select the VPN gateway this VPN connection is to use or select
Create Object to add another VPN gateway for this VPN connection to use.

Site-to-site with Dynamic Peer

Select this option to connect to a remote IPSec router that uses a dynamic IP
address. Only the peer will be able to initiate the VPN tunnel. Select the VPN
gateway this VPN connection is to use or select Create Object to add another
VPN gateway for this VPN connection to use.

Remote Access

Select this option to configure a VPN connection policy for management access
to the ZyWALL. Only the peer will be able to initiate the VPN tunnel. Select the
VPN gateway this VPN connection is to use or select Create Object to add
another VPN gateway for this VPN connection to use.

Manual Key

Select this option to configure a VPN connection policy that uses a manual key instead of IKE key management. This may be useful if you have problems with IKE key management. See Section 20.2.2 on page 360 for how to configure the manual key fields.

Note: Only use manual key as a temporary solution, because it is not as secure as a regular IPSec SA.

Policy

Click Advanced to display more settings. Click Basic to display fewer settings.

Local Policy

Select the address or address group corresponding to the local network. Select
Create Object to configure a new one.

Remote Policy

Select the address or address group corresponding to the remote network.
Select Create Object to configure a new one.

Policy Enforcement

Clear this to allow traffic with source and destination IP addresses that do not
match the local and remote policy to use the VPN tunnel. Leave this cleared for
free access between the local and remote networks.

Note: Clear this to use the IPSec SA in a VPN concentrator.

Selecting this restricts who can use the VPN tunnel. The ZyWALL drops traffic
with source and destination IP addresses that do not match the local and
remote policy.

Phase 2 Settings

Click Advanced to display more settings. Click Basic to display fewer settings.
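
The Enable Replay Detection field in the table above only states that old or duplicate packets are rejected. The following is an added example, not taken from the ZyXEL manual or firmware: a sketch of the sliding-window anti-replay check that IPSec receivers commonly use, following RFC 4303. The 64-packet window size and the sequence numbers are constructed assumptions.

```python
# Added example: ESP-style anti-replay sliding window (after RFC 4303, sec. 3.4.3).
# Not ZyWALL firmware code; window size and sequence numbers are constructed.

class ReplayWindow:
    def __init__(self, size=64):
        self.size = size    # how far behind the newest packet is still accepted
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) was seen

    def check_and_update(self, seq):
        """Return 'accept', 'duplicate' or 'too_old' for an authenticated packet."""
        if seq == 0:
            return "too_old"            # ESP sequence numbers start at 1
        if seq > self.top:
            shift = seq - self.top
            # Slide the window forward; entries that fall out are forgotten.
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "too_old"            # left of the window: cannot be tracked
        if self.bitmap & (1 << offset):
            return "duplicate"          # already seen inside the window
        self.bitmap |= 1 << offset      # late but new: reordered packet
        return "accept"


def classify(seqs, size=64):
    """Run a list of sequence numbers through one window, in arrival order."""
    window = ReplayWindow(size)
    return [(s, window.check_and_update(s)) for s in seqs]


# Constructed arrival order: in-order, reordered, replayed and stale packets.
SAMPLE = [1, 2, 5, 3, 5, 2, 80, 17, 16, 79, 80]

if __name__ == "__main__":
    for seq, verdict in classify(SAMPLE):
        print(f"seq={seq:3d} -> {verdict}")
```

The window state is updated only for packets that have already passed integrity verification, so a forged sequence number cannot push the window forward.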
