ZyXEL Communications Vantage CNM User Manual page 199

Table 70 Configuration > VPN > IKE IPSec (continued)
LABEL
Nailed-Up
Allow NetBIOS
Traffic Through
IPSec Tunnel
Check IPSec Tunnel
Connectivity
Log
Ping this Address
Gateway Policy
Information
Gateway Policy
Local Network
Address Type
Starting IP Address
Ending IP Address/
Subnet Mask
Local Port
Chapter 11 Configuration > VPN
DESCRIPTION
Select this check box to turn on the nailed up feature for this SA.
Turn on nailed up to have the ZyWALL automatically reinitiate the SA after the
SA lifetime times out, even if there is no traffic. The ZyWALL also reinitiates the
SA when it restarts.
The ZyWALL also rebuilds the tunnel if it was disconnected due to the output or
input idle timer.
NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that
enable a computer to connect to and communicate with a LAN. It may
sometimes be necessary to allow NetBIOS packets to pass through VPN
tunnels in order to allow local computers to find computers on the remote
network and vice versa.
Select this check box to send NetBIOS packets through the VPN connection.
Select the check box and configure an IP address in the Ping this Address field
to have the ZyWALL periodically test the VPN tunnel to the remote IPSec router.
The ZyWALL pings the IP address every minute. The ZyWALL starts the IPSec
connection idle timeout timer when it sends the ping packet. If there is no traffic
from the remote IPSec router by the time the timeout period expires, the
ZyWALL disconnects the VPN tunnel.
Select this check box to set the ZyWALL to create logs when it cannot ping the
remote device.
If you select Check IPSec Tunnel Connectivity, enter the IP address of a
computer at the remote IPSec network. The computer's IP address must be in
this IP policy's remote range (see the Remote Network fields).
Select the gateway policy with which you want to use the VPN policy.
Local IP addresses must be static and correspond to the remote IPSec router's
configured remote IP addresses.
Two active SAs cannot have the local and remote IP address(es) both the same.
Two active SAs can have the same local or remote IP address, but not both. You
can configure multiple SAs between the same local and remote IP addresses,
as long as only one is active at any time.
Use the drop-down list box to choose Single Address, Range Address, or
Subnet Address. Select Single Address for a single IP address. Select Range
Address for a specific range of IP addresses. Select Subnet Address to
specify IP addresses on a network by their subnet mask.
When the Address Type field is configured to Single Address, enter a (static)
IP address on the LAN behind your ZyWALL. When the Address Type field is
configured to Range Address, enter the beginning (static) IP address, in a
range of computers on the LAN behind your ZyWALL. When the Address Type
field is configured to Subnet Address, this is a (static) IP address on the LAN
behind your ZyWALL.
When the Address Type field is configured to Single Address, this field is N/A.
When the Address Type field is configured to Range Address, enter the end
(static) IP address, in a range of computers on the LAN behind your ZyWALL.
When the Address Type field is configured to Subnet Address, this is a subnet
mask on the LAN behind your ZyWALL.
0 is the default and signifies any port. Type a port number from 0 to 65535 in the
Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS;
23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Vantage CNM User's Guide
198