Table 72 Security > Vpn > Global Setting - ZyXEL Communications ZYWALL 2 PLUS User Manual
Internet security appliance
Hide thumbs
Also See for ZYWALL 2 PLUS:
- User manual (686 pages) ,
- Quick start manual (137 pages) ,
- Firmware release notes (43 pages)
Table of Contents
Advertisement
Chapter 14 IPSec VPN
The following table describes the labels in this screen.
Table 72 SECURITY > VPN > Global Setting
LABEL
Output Idle Timer
Input Idle Timer
Gateway Domain
Name Update Timer
Adjust TCP Maximum
Segment Size
VPN rules skip
applying to the overlap
range of local and
remote IP addresses
Apply
Reset
268
DESCRIPTION
When traffic is sent to a remote IPSec router from which no reply is received
after the specified time period, the ZyWALL checks the VPN connectivity. If
the remote IPSec router does not reply, the ZyWALL automatically
disconnects the VPN tunnel.
Enter the time period (between 120 and 3600 seconds) to wait before the
ZyWALL checks all of the VPN connections to remote IPSec routers.
Enter 0 to disable this feature.
When no traffic is received from a remote IPSec router after the specified
time period, the ZyWALL checks the VPN connectivity. If the remote IPSec
router does not reply, the ZyWALL automatically disconnects the VPN
tunnel.
Enter the time period (between 30 and 3600 seconds) to wait before the
ZyWALL checks all of the VPN connections to remote IPSec routers.
Enter 0 to disable this feature.
This field is applicable when you enter a domain name to identify the
ZyWALL and/or the remote secure gateway.
Enter the time period (between 2 and 60 minutes) to wait before the ZyWALL
updates the domain name and IP address mapping through a DNS server.
The ZyWALL rebuilds the VPN tunnel if it finds that the domain name is now
using a different IP address (any users of the VPN tunnel will be temporarily
disconnected).
Enter 0 to disable this feature.
The TCP packets are larger after the ZyWALL encrypts them for VPN. The
ZyWALL fragments packets that are larger than a connection's MTU
(Maximum Transmit Unit).
In most cases you should leave this set to Auto. The ZyWALL automatically
sets the Maximum Segment Size (MSS) of the TCP packets that are to be
encrypted by VPN based on the encapsulation type.
Select Off to not adjust the MSS for the encrypted TCP packets.
If your network environment causes fragmentation issues that are affecting
your throughput performance, you can manually set a smaller MSS for the
TCP packets that are to be encrypted by VPN. Select User-Defined and
specify a size from 0~1460 bytes. 0 has the ZyWALL use the auto setting.
Select this check box to send packets destined for overlapping local and
remote IP addresses to the local network (you can access the local devices
but not the remote devices).
Clear this check box to send packets destined for overlapping local and
remote IP addresses to the remote network (you can access the remote
devices but not the local devices.)
If the remote IPSec router also supports NAT over IPSec, it is recommended
that you use NAT over IPSec (see
and remote IP addresses overlap.
If a VPN rule's local and remote network settings are both set to 0.0.0.0
(any), no traffic goes through the VPN tunnel if you select this check box.
Click Apply to save your changes back to the ZyWALL.
Click Reset to begin configuring this screen afresh.
Section 14.6.2 on page
252) if the local
ZyWALL 2 Plus User's Guide
Advertisement
Table of Contents
Troubleshooting
