ZyXEL Communications ZyWall USG 50-H Series User Manual page 316

Chapter 19 IPSec VPN
Table 117 VPN > IPSec VPN > VPN Connection > Edit (continued)
LABEL
Related Settings
Add this VPN
connection to
IPSec_VPN zone.
Connectivity Check
Enable
Connectivity
Check
Check Method
Check Port
Check Period
Check Timeout
Check Fail
Tolerance
Check this
Address
Check the First
and Last IP
Address in the
Remote Policy
Log
More Settings/Less
Settings
Inbound/Outbound
traffic NAT
Outbound Traffic
Source NAT
Source
Destination
316
DESCRIPTION
Select this check box to add the VPN connection policy to the IPSec_VPN
security zone. Any security rules or settings configured for the IPSec_VPN
security zone will also apply to this VPN connection policy.
The ZyWALL can regularly check the VPN connection to the gateway you
specified to make sure it is still available.
Select this to turn on the VPN connection check.
Select how the ZyWALL checks the connection. The peer must be configured to
respond to the method you select.
Select icmp to have the ZyWALL regularly ping the address you specify to
make sure traffic can still go through the connection. You may need to configure
the peer to respond to pings.
Select tcp to have the ZyWALL regularly perform a TCP handshake with the
address you specify to make sure traffic can still go through the connection. You
may need to configure the peer to accept the TCP connection.
This field displays when you set the Check Method to tcp. Specify the port
number to use for a TCP connectivity check.
Enter the number of seconds between connection check attempts.
Enter the number of seconds to wait for a response before the attempt is a
failure.
Enter the number of consecutive failures allowed before the ZyWALL
disconnects the VPN tunnel. The ZyWALL resumes using the first peer gateway
address when the VPN connection passes the connectivity check.
Select this to specify a domain name or IP address for the connectivity check.
Enter that domain name or IP address in the field next to it.
Select this to have the ZyWALL check the connection to the first and last IP
addresses in the connection's remote policy. Make sure one of these is the peer
gateway's LAN IP address.
Select this to have the ZyWALL generate a log every time it checks this VPN
connection.
Click this button to show or hide the Inbound/Outbound traffic NAT fields.
This translation hides the source address of computers in the local network. It
may also be necessary if you want the ZyWALL to route packets from
computers outside the local network through the IPSec SA.
Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the
computer or network outside the local network. The size of the original source
address range (Source) must be equal to the size of the translated source
address range (SNAT).
Select the address object that represents the original destination address (or
select Create Object to configure a new one). This is the address object for the
remote network.
ZyWALL USG 50-H User's Guide