Keep Alive; Nat Traversal - ZyXEL Communications Prestige 662H Series User Manual

Table 67 VPN Summary (continued)
LABEL
Remote
Address
Encap.
IPSec Algorithm This field displays the security protocols used for an SA.
Secure Gateway
IP
Back

19.6 Keep Alive

When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically
renegotiates the tunnel when the IPSec SA lifetime period expires (see
for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an "always on"
connection after you initiate it. Both IPSec routers must have a Prestige-compatible keep alive
feature enabled in order for this feature to work.
If the Prestige has its maximum number of simultaneous IPSec tunnels connected to it and
they all have keep alive enabled, then no other tunnels can take a turn connecting to the
Prestige because the Prestige never drops the tunnels that are already connected. Refer to
Features of the Prestige section
can support.
When there is outbound traffic with no inbound traffic, the Prestige automatically drops the
tunnel after two minutes.

19.7 NAT Traversal

NAT traversal allows you to set up a VPN connection when there are NAT routers between the
two IPSec routers.
Chapter 19 VPN Screens
DESCRIPTION
This is the IP address(es) of computer(s) on the remote network behind the remote
IPSec router.
This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In
this case only the remote IPSec router can initiate the VPN.
The same (static) IP address is displayed twice when the Remote Address Type
field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
The beginning and ending (static) IP addresses, in a range of computers are
displayed when the Remote Address Type field in the VPN-IKE (or VPN-Manual
Key) screen is configured to Range.
A (static) IP address and a subnet mask are displayed when the Remote Address
Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Subnet.
This field displays Tunnel or Transport mode (Tunnel is the default selection).
Both AH and ESP increase Prestige processing requirements and communications
latency (delay).
This is the static WAN IP address or URL of the remote IPSec router. This field
displays 0.0.0.0 when you configure the Secure Gateway Address field in the VPN-
IKE screen to 0.0.0.0.
Click Back to return to the previous screen.
to see how many simultaneous IPSec SAs your Prestige model
Prestige 662H/HW Series User's Guide
the IKE Phases section
the
222