Table 14-7 Basic Ike Vpn Rule Edit - ZyXEL Communications ZYWALL2 ET 2WE User Manual

Internet security gateway

The following table describes the fields in this screen.
Table 14-7 Basic IKE VPN Rule Edit

| LABEL | DESCRIPTION |
| --- | --- |
| Active | Select this check box to activate this VPN tunnel. This option determines whether a VPN rule is applied before a packet leaves the firewall. |
| Keep Alive | Select this check box to turn on the keep alive feature for this SA. Turn on Keep Alive to have the ZyWALL automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work. |
| NAT Traversal | Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. The remote IPSec router must also have NAT traversal enabled. You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but not with AH protocol nor with manual key management. In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router. |
| Name | Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces. |
| Key Management (or IPSec Keying Mode) | Select IKE or Manual Key from the drop-down list box. IKE provides more protection so it is generally recommended. Manual Key is a useful option for troubleshooting. |
| Negotiation Mode | Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. |
| Enable Extended Authentication | Select this check box to activate extended authentication. |

ZyWALL 2 Series User's Guide, VPN Screens
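The constraints in Table 14-7 can be checked before a tunnel is deployed. The following is an added example, not code from the ZyWALL or its manual; the dictionary keys (`protocol`, `behind_nat`, `udp500_forwarded`, `secure_gateway`, and so on) are hypothetical names that mirror the table labels, and the sample rules are constructed.

```python
# Added example: pre-deployment check of the Table 14-7 constraints.
# Keys are hypothetical and mirror the table labels; they are not ZyWALL settings.

def normalize_name(name):
    """Name field: trailing spaces are dropped, at most 32 characters."""
    name = name.rstrip(" ")
    if len(name) > 32:
        raise ValueError("Name is limited to 32 characters")
    return name

def check_tunnel(local, remote):
    """Return the list of problems for one tunnel, given both ends' rules."""
    problems = []
    for side, rule in (("local", local), ("remote", remote)):
        if not rule["nat_traversal"]:
            continue
        if rule["protocol"] == "AH":
            problems.append(f"{side}: NAT traversal is not available with AH")
        if rule["key_management"] == "Manual":
            problems.append(f"{side}: NAT traversal is not available with manual key")
        # A router behind NAT only receives an initiating packet if UDP 500 is forwarded.
        if rule["behind_nat"] and not rule["udp500_forwarded"]:
            problems.append(f"{side}: NAT router must forward UDP port 500")
    # Keep Alive and NAT Traversal both require the remote router to match.
    for field in ("nat_traversal", "keep_alive"):
        if local[field] != remote[field]:
            problems.append(f"{field}: enabled on only one IPSec router")
    return problems

def mixed_negotiation_modes(rules):
    """Return secure gateways whose SAs do not all use the same negotiation mode."""
    modes = {}
    for rule in rules:
        modes.setdefault(rule["secure_gateway"], set()).add(rule["negotiation_mode"])
    return sorted(gw for gw, seen in modes.items() if len(seen) > 1)

# Constructed sample rules.
BASE = {
    "name": "branch-office  ", "protocol": "ESP", "key_management": "IKE",
    "negotiation_mode": "Main", "nat_traversal": True, "keep_alive": True,
    "behind_nat": False, "udp500_forwarded": False, "secure_gateway": "gw-a",
}
BAD_LOCAL = dict(BASE, protocol="AH", behind_nat=True)
BAD_REMOTE = dict(BASE, keep_alive=False)

if __name__ == "__main__":
    print(repr(normalize_name(BASE["name"])))
    for problem in check_tunnel(BAD_LOCAL, BAD_REMOTE):
        print(problem)
    print(mixed_negotiation_modes([BASE, dict(BASE, negotiation_mode="Aggressive")]))
```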


This manual is also suitable for:

Zywall 2, Zywall 2we