ZyXEL Communications ZyWALL 2 Compact Manual page 34

Internet security gateway

The following table describes the fields in this screen.
LABEL: DESCRIPTION

Active: Select this check box to activate this VPN tunnel. This option determines whether a VPN rule is applied before a packet leaves the firewall.

Keep Alive: Select this check box to turn on the keep alive feature for this SA. Turn on Keep Alive to have the ZyWALL automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work.

NAT Traversal: Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. The remote IPSec router must also have NAT traversal enabled. You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but not with AH protocol nor with manual key management. In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router.

Name: Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyWALL drops trailing spaces.

Key Management (or IPSec Keying Mode): Select IKE or Manual Key from the drop-down list box. IKE provides more protection so it is generally recommended. Manual Key is a useful option for troubleshooting.

Negotiation Mode: Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode.

Enable Extended Authentication: Select this check box to activate extended authentication.

Server Mode: Select Server Mode to have this ZyWALL authenticate extended authentication clients that request this VPN connection. You must also configure the extended authentication clients' usernames and passwords in the auth server's local user database or a RADIUS server. Click Local User to go to the Local User Database screen where you can view and/or edit the list of users and passwords. Click RADIUS to go to the RADIUS screen where you can configure the ZyWALL to check an external RADIUS server. During authentication, if the extended authentication server does not find the extended authentication clients' user name in its internal user database and an external RADIUS server has been enabled, it attempts to authenticate the client through the RADIUS server.
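The constraints in the field descriptions above can be checked before a rule is entered on both gateways. The following is an added example, not ZyXEL code or part of the manual: the dictionary keys (name, protocol, behind_nat, udp500_forwarded and so on) are hypothetical names for the fields described above, and the sample settings are constructed.

```python
# Added example. The dict keys are hypothetical names for the fields in the
# table above; they are not ZyWALL configuration identifiers.

def lint_vpn_rule(local, remote, sibling_modes=()):
    """Check one VPN rule against the constraints stated in the field table.

    local / remote: settings on this gateway and on the remote IPSec router.
    sibling_modes: negotiation modes of other SAs through the same secure gateway.
    """
    findings = []
    if len(local["name"]) > 32:
        findings.append("name: longer than 32 characters")
    if local["name"] != local["name"].rstrip(" "):
        findings.append("name: trailing spaces will be dropped")
    if local["key_management"] == "Manual":
        findings.append("key_management: IKE provides more protection and is generally recommended")
    if local["nat_traversal"]:
        if local["protocol"] == "AH":
            findings.append("nat_traversal: not usable with AH, use ESP")
        if local["key_management"] == "Manual":
            findings.append("nat_traversal: not usable with manual key management")
        if not remote["nat_traversal"]:
            findings.append("nat_traversal: remote IPSec router must enable it too")
        if local["behind_nat"] and not local["udp500_forwarded"]:
            findings.append("nat_traversal: NAT router must forward UDP port 500")
    if local["keep_alive"] and not remote["keep_alive"]:
        findings.append("keep_alive: remote IPSec router must enable it too")
    if any(mode != local["negotiation_mode"] for mode in sibling_modes):
        findings.append("negotiation_mode: differs from other SAs on this gateway")
    return findings

# Constructed sample settings, not taken from a real device.
REMOTE = {"nat_traversal": False, "keep_alive": False}
BAD = {
    "name": "branch office ", "key_management": "Manual", "protocol": "AH",
    "nat_traversal": True, "keep_alive": True, "negotiation_mode": "Aggressive",
    "behind_nat": True, "udp500_forwarded": False,
}
GOOD = dict(BAD, name="branch office", key_management="IKE", protocol="ESP",
            negotiation_mode="Main", udp500_forwarded=True)

if __name__ == "__main__":
    for finding in lint_vpn_rule(BAD, REMOTE, sibling_modes=["Main"]):
        print(finding)
```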
