ZyXEL Communications Vantage CNM User Manual page 183

Centralized network management
Chapter 11 Configuration > VPN

Table 64 Configuration > VPN > Tunnel IPSec Detail (continued)

LABEL / DESCRIPTION

IKE/Manual
    Select either IKE or Manual to manage encryption keys. If you select the IKE method, you must configure the IKE fields. Manual is useful for troubleshooting if you have problems using IKE key management.

DNS Address
    Type a domain name (up to 31 characters) by which to identify the local or remote IPSec router.

Active Protocol
    The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN.
    AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed.
    The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. ESP authenticating properties are limited compared to AH due to the non-inclusion of the IP header information during the authentication process.

Enable Replay Detection

Keep Alive
    When you initiate an IPSec tunnel with keep alive enabled, the ZyXEL device automatically renegotiates the tunnel when the IPSec SA lifetime period expires. In effect, the IPSec tunnel becomes an always-on connection after you initiate it. Both IPSec routers must have a ZyXEL device-compatible keep alive feature enabled in order for this feature to work.
    If the ZyXEL device has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep alive enabled, then no other tunnels can take a turn connecting to the ZyXEL device because the ZyXEL

A-End/Z-End

NAT Traversal (Only Available in ZyWALL)
    Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
    The remote IPSec router must also have NAT traversal enabled.
    You can use NAT traversal with the ESP protocol using Transport or Tunnel mode, but not with the AH protocol nor with manual key management. In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router.

A-End/Z-End Device
    Select the name of the ZyXEL device from the pull-down list.

My IP
    This is the IP address of the local and remote computer(s) of the VPN tunnel.

Peer IP
    Type the IP address of the computer with which you will make the VPN connection, or leave the field blank to have the ZyXEL device automatically use the address in the Secure Gateway field.

ID Type
    Select IP to identify this ZyXEL device by its IP address.
    Select DNS to identify this ZyXEL device by a domain name.
    Select E-mail to identify this ZyXEL device by an e-mail address.
    You do not configure the local ID type and content when you set Authentication Method to Certificate. The ZyXEL device takes them from the certificate you select.
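The compatibility rules stated in the NAT Traversal, Keep Alive, DNS Address and ID Type rows can be checked mechanically before a tunnel definition is pushed to a device. The following is an added example, not code from the manual or from ZyXEL; the class, field and function names are assumptions of this example.

```python
# Added example, not code from the Vantage CNM manual or from ZyXEL: encodes
# the compatibility rules the Tunnel IPSec Detail table states. All names here
# are this example's own assumptions.
from dataclasses import dataclass


@dataclass
class TunnelIPSecDetail:
    key_management: str          # "IKE" or "Manual"
    active_protocol: str         # "ESP" or "AH"
    nat_traversal: bool = False
    keep_alive: bool = False
    id_type: str = "IP"          # "IP", "DNS" or "E-mail"
    dns_address: str = ""        # domain name identifying the IPSec router


def check_tunnel(cfg, peer_nat_traversal=None, peer_keep_alive=None):
    """Return a list of rule violations; an empty list means the settings
    agree with the table. Peer flags are None when the remote side is unknown."""
    problems = []
    if cfg.key_management not in ("IKE", "Manual"):
        problems.append("key management must be IKE or Manual")
    if cfg.active_protocol not in ("ESP", "AH"):
        problems.append("Active Protocol must be ESP or AH")
    if cfg.nat_traversal:
        # NAT traversal works with ESP (Transport or Tunnel mode) under IKE only.
        if cfg.active_protocol == "AH":
            problems.append("NAT traversal is not available with AH; use ESP")
        if cfg.key_management == "Manual":
            problems.append("NAT traversal is not available with Manual keys; use IKE")
        if peer_nat_traversal is False:
            problems.append("the remote IPSec router must also enable NAT traversal")
    if cfg.keep_alive and peer_keep_alive is False:
        problems.append("keep alive needs a compatible keep alive on both routers")
    if len(cfg.dns_address) > 31:
        problems.append("DNS Address is limited to 31 characters")
    if cfg.id_type not in ("IP", "DNS", "E-mail"):
        problems.append("ID Type must be IP, DNS or E-mail")
    return problems


def required_port_forwards(cfg, behind_nat):
    """Port forwards the NAT router in front of this IPSec router needs so an
    initiating IPSec packet reaches it: UDP 500, per the NAT Traversal row."""
    if cfg.nat_traversal and behind_nat:
        return [("udp", 500)]
    return []
```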
Vantage CNM User's Guide
182