ZyXEL Communications Vantage CNM 2.3 User Manual page 149

The following table describes the labels in this screen.
Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules
(IKE) > Network Policy Add/Edit
LABEL
Active
Name
Protocol
Nailed-Up
Allow NetBIOS
Traffic Through
IPSec Tunnel
Check IPSec
Tunnel
Connectivity
Log
Ping this Address
Gateway Policy Information
Gateway Policy
Virtual Address
Mapping Rule
Vantage CNM User's Guide
DESCRIPTION
If the Active check box is selected, packets for the tunnel trigger the
device to build the tunnel.
Clear the Active check box to turn the network policy off. The device
does not apply the policy. Packets for the tunnel do not trigger the
tunnel.
If you clear the Active check box while the tunnel is up (and click
Apply), you turn off the network policy and the tunnel goes down.
Type a name to identify this VPN network policy. You may use any
character, including spaces, but the device drops trailing spaces.
Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and
signifies any protocol.
Select this check box to turn on the nailed up feature for this SA.
Turn on nailed up to have the device automatically reinitiate the SA
after the SA lifetime times out, even if there is no traffic. The device
also reinitiates the SA when it restarts.
The device also rebuilds the tunnel if it was disconnected due to the
output or input idle timer.
NetBIOS (Network Basic Input/Output System) are TCP or UDP
packets that enable a computer to connect to and communicate with
a LAN. It may sometimes be necessary to allow NetBIOS packets to
pass through VPN tunnels in order to allow local computers to find
computers on the remote network and vice versa.
Select this check box to send NetBIOS packets through the VPN
connection.
Select the check box and configure an IP address in the Ping this
Address field to have the device periodically test the VPN tunnel to
the remote IPSec router.
The device pings the IP address every minute. The device starts the
IPSec connection idle timeout timer when it sends the ping packet. If
there is no traffic from the remote IPSec router by the time the
timeout period expires, the device disconnects the VPN tunnel.
Select this check box to set the device to create logs when it cannot
ping the remote device.
If you select Check IPSec Tunnel Connectivity, enter the IP
address of a computer at the remote IPSec network. The computer's
IP address must be in this IP policy's remote range (see the Remote
Network fields).
Select the gateway policy with which you want to use the VPN policy.
Virtual address mapping over VPN is available with the routing and
zero configuration modes.
Chapter 6 Device Security Settings
149