
ZyWALL 35 User’s Guide
Chapter 14 VPN Screens
14.6 Keep Alive
When you initiate an IPSec tunnel with keep alive enabled, the ZyWALL automatically
renegotiates the tunnel when the IPSec SA lifetime period expires (
for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an always-on
connection after you initiate it. Both IPSec routers must have a ZyWALL-compatible keep
alive feature enabled in order for this feature to work.
If the ZyWALL has its maximum number of simultaneous IPSec tunnels connected to it and
they all have keep alive enabled, then no other tunnels can take a turn connecting to the
ZyWALL because the ZyWALL never drops the tunnels that are already connected.
14.7 NAT Traversal
NAT traversal allows you to set up a VPN connection when there are NAT routers between
the two IPSec routers.
Table 72 VPN Rules

| LABEL | DESCRIPTION |
| --- | --- |
| IPSec Algorithm | This field displays the security protocols used for an SA. Both AH and ESP increase ZyWALL processing requirements and communications latency (delay). |
| Secure Gateway Address | This is the static WAN IP address or URL of the remote IPSec router. This field displays 0.0.0.0 when you configure the Secure Gateway Address field in the Edit VPN Rule screen to 0.0.0.0. |
| Modify | Click the edit icon to edit the VPN policy. Click the delete icon to remove the VPN policy. A window displays asking you to confirm that you want to delete the VPN rule. When a VPN policy is deleted, subsequent policies move up in the page list. Click the dial icon to dial up the connection manually. If a VPN tunnel has been built and dialed up, every time you click this icon, a warning message appears in the status bar on the bottom of the screen. |
| Add | Click Add to add a new VPN policy. |

Note: When there is outbound traffic with no inbound traffic, the
ZyWALL automatically drops the tunnel after two minutes.