1 dynamic secure gateway address, 2 nailed up, 5 nat traversal – ZyXEL Communications ZyXEL ZyWALL P1 User Manual

Page 132: 1 dynamic secure gateway address 9.4.2 nailed up


ZyWALL P1 User’s Guide

Chapter 9 VPN Screens


You can also enter a remote secure gateway’s domain name in the Secure Gateway Address
field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The
ZyWALL has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP
address changes (there may be a delay until the DDNS servers are updated with the remote
gateway’s new WAN IP address).

9.4.1 Dynamic Secure Gateway Address

If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter
0.0.0.0 as the secure gateway’s address. In this case only the remote secure gateway can
initiate SAs. This may be useful for telecommuters initiating a VPN tunnel to the company
network. See Section 9.11 on page 146 for configuration examples.

Note: The Secure Gateway IP Address may be configured as 0.0.0.0 only when using
IKE key management and not Manual key management.

9.4.2 Nailed Up

When you initiate an IPSec tunnel with nailed up enabled, the ZyWALL automatically
renegotiates the tunnel when the IPSec SA lifetime period expires (see Section 8.1.2 on
page 123 for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an
always-on connection after you initiate it. Both IPSec routers must have a
ZyWALL-compatible nailed up feature enabled in order for this feature to work.

If the ZyWALL has its maximum number of simultaneous IPSec tunnels connected to it and
they all have nailed up enabled, then no other tunnels can take a turn connecting to the
ZyWALL because the ZyWALL never drops the tunnels that are already connected.

Note: When there is outbound traffic with no inbound traffic, the ZyWALL
automatically drops the tunnel after two minutes.

9.5 NAT Traversal

NAT traversal allows you to set up a VPN connection when there are NAT routers between
the two IPSec routers.
