ZyXEL Communications ZyWall USG20-VPN User Manual page 344

Table 135 Configuration > VPN > IPSec VPN > VPN Connection > Edit (continued)
LABEL DESCRIPTION
Check Method Select how the USG checks the connection. The peer must be configured to respond
to the method you select.
Select icmp to have the USG regularly ping the address you specify to make sure
traffic can still go through the connection. You may need to configure the peer to
respond to pings.
Select tcp to have the USG regularly perform a TCP handshake with the address you
specify to make sure traffic can still go through the connection. You may need to
configure the peer to accept the TCP connection.
Check Port This field displays when you set the Check Method to tcp. Specify the port number
to use for a TCP connectivity check.
Check Period Enter the number of seconds between connection check attempts.
Check Timeout Enter the number of seconds to wait for a response before the attempt is a failure.
Check Fail Enter the number of consecutive failures allowed before the USG disconnects the VPN
Tolerance
tunnel. The USG resumes using the first peer gateway address when the VPN
connection passes the connectivity check.
Check this Address Select this to specify a domain name or IP address for the connectivity check. Enter
that domain name or IP address in the field next to it.
Check the First Select this to have the USG check the connection to the first and last IP addresses in
and Last IP
the connection's remote policy. Make sure one of these is the peer gateway's LAN IP
Address in the
address.
Remote Policy
Log Select this to have the USG generate a log every time it checks this VPN connection.
Inbound/Outbound
traffic NAT
Outbound Traffic
Source NAT This translation hides the source address of computers in the local network. It may
also be necessary if you want the USG to route packets from computers outside the
local network through the IPSec SA.
Source Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the computer
or network outside the local network. The size of the original source address range
(Source) must be equal to the size of the translated source address range (SNAT).
Destination Select the address object that represents the original destination address (or select
Create Object to configure a new one). This is the address object for the remote
network.
SNAT Select the address object that represents the translated source address (or select
Create Object to configure a new one). This is the address object for the local
network. The size of the original source address range (Source) must be equal to the
size of the translated source address range (SNAT).
Inbound Traffic
Source NAT This translation hides the source address of computers in the remote network.
Source Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the remote
network. The size of the original source address range (Source) must be equal to the
size of the translated source address range (SNAT).
Destination Select the address object that represents the original destination address (or select
Create Object to configure a new one). This is the address object for the local
network.
Chapter 21 IPSec VPN
USG20(W)-VPN Series User's Guide
344