Table 102 Vpn Rules (Ike): Network Policy Edit - ZyXEL Communications Internet Security Appliance ZyWALL5UTM 4.0 User Manual

Internet security appliance

The following table describes the labels in this screen.

Table 102 VPN Rules (IKE): Network Policy Edit

Chapter 19 VPN Screens

| LABEL | DESCRIPTION |
| --- | --- |
| Active | If the Active check box is selected, packets for the tunnel trigger the ZyWALL to build the tunnel. Clear the Active check box to turn the network policy off. The ZyWALL does not apply the policy. Packets for the tunnel do not trigger the tunnel. If you clear the Active check box while the tunnel is up (and click Apply), you turn off the network policy and the tunnel goes down. |
| Name | Type a name to identify this VPN network policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces. |
| Protocol | Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol. |
| Nailed-Up | Select this check box to turn on the nailed up feature for this SA. Turn on nailed up to have the ZyWALL automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The ZyWALL also reinitiates the SA when it restarts. The ZyWALL also rebuilds the tunnel if it was disconnected due to the output or input idle timer. |
| Allow NetBIOS Traffic Through IPSec Tunnel | This field is not available when the ZyWALL is in bridge mode. NetBIOS (Network Basic Input/Output System) packets are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa. Select this check box to send NetBIOS packets through the VPN connection. |
| Check IPSec Tunnel Connectivity | Select the check box and configure an IP address in the Ping this Address field to have the ZyWALL periodically test the VPN tunnel to the remote IPSec router. The ZyWALL pings the IP address every minute. The ZyWALL starts the IPSec connection idle timeout timer when it sends the ping packet. If there is no traffic from the remote IPSec router by the time the timeout period expires, the ZyWALL disconnects the VPN tunnel. |
| Log | Select this check box to set the ZyWALL to create logs when it cannot ping the remote device. |
| Ping this Address | If you select Check IPSec Tunnel Connectivity, enter the IP address of a computer at the remote IPSec network. The computer's IP address must be in this IP policy's remote range (see the Remote Network fields). |
| Gateway Policy Information | |
| Gateway Policy | Select the gateway policy with which you want to use the VPN policy. |
| Local Network | Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
| Address Type | Use the drop-down list box to choose Single Address, Range Address, or Subnet Address. Select Single Address for a single IP address. Select Range Address for a specific range of IP addresses. Select Subnet Address to specify IP addresses on a network by their subnet mask. |
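
The Local Network and Ping this Address descriptions above state two rules that can be checked offline before a policy change is applied. The following Python sketch is an added example, not part of the ZyXEL manual: it assumes a hypothetical export of network policies as dicts, that the Remote Network fields use the same three address types, and that "the same" addresses means the same set of IP addresses.

```python
import ipaddress
from itertools import combinations

def span(addr_type, first, second=None):
    """Normalise an Address Type setting to an inclusive (low, high) integer pair."""
    if addr_type == "Single Address":
        lo = hi = int(ipaddress.IPv4Address(first))
    elif addr_type == "Range Address":
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(second))
        if lo > hi:
            raise ValueError(f"range start {first} is above range end {second}")
    elif addr_type == "Subnet Address":
        net = ipaddress.IPv4Network(f"{first}/{second}", strict=False)
        lo, hi = int(net.network_address), int(net.broadcast_address)
    else:
        raise ValueError(f"unknown address type: {addr_type}")
    return lo, hi

def audit(policies):
    """Return findings for a list of policy dicts (hypothetical export format)."""
    findings, spans = [], {}
    for p in policies:
        local, remote = span(*p["local"]), span(*p["remote"])
        spans[p["name"]] = (local, remote)
        if p.get("check_connectivity"):
            ping = p.get("ping_address")
            if not ping:
                findings.append(f"{p['name']}: connectivity check on, no Ping this Address")
            elif not remote[0] <= int(ipaddress.IPv4Address(ping)) <= remote[1]:
                findings.append(f"{p['name']}: ping address {ping} is outside the remote range")
    # Only active policies can conflict; inactive duplicates are allowed.
    active = [p["name"] for p in policies if p["active"]]
    for a, b in combinations(active, 2):
        if spans[a] == spans[b]:
            findings.append(f"{a} / {b}: active policies with the same local and remote addresses")
    return findings

# Constructed sample policies (not taken from a real device).
SAMPLE = [
    {"name": "hq-branch", "active": True, "check_connectivity": True,
     "ping_address": "10.0.1.5",
     "local": ("Subnet Address", "192.168.1.0", "255.255.255.0"),
     "remote": ("Subnet Address", "10.0.0.0", "255.255.255.0")},
    {"name": "hq-branch-2", "active": True,
     "local": ("Range Address", "192.168.1.0", "192.168.1.255"),
     "remote": ("Range Address", "10.0.0.0", "10.0.0.255")},
    {"name": "hq-branch-spare", "active": False,
     "local": ("Subnet Address", "192.168.1.0", "255.255.255.0"),
     "remote": ("Subnet Address", "10.0.0.0", "255.255.255.0")},
]
```

Calling `audit(SAMPLE)` reports the ping address that falls outside the remote range and the two active policies whose subnet and range settings cover identical addresses; the inactive spare is not flagged.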
ZyWALL 5/35/70 Series User's Guide


This manual is also suitable for:

ZyWALL 5 series, ZyWALL 35 series, ZyWALL 70 series
