ZyXEL Communications Unified Security Gateway ZyWALL 1000 User Manual page 301

Unified security gateway

Table 91 VPN > IPSec VPN > VPN Connection > Edit (continued)
| LABEL | DESCRIPTION |
| --- | --- |
| Policy Enforcement | Select this if you want the ZyWALL to drop traffic whose source and destination IP addresses do not match the local and remote policy. This makes the IPSec SA more secure. Note: You must clear this field, however, if you want to use the IPSec SA in a VPN concentrator. |
| Local Policy | Select the address or address group corresponding to the local network. Select Create Object to configure a new one. |
| Remote Policy | Select the address or address group corresponding to the remote network. Select Create Object to configure a new one. |
| Property | |
| Nailed-Up | Select this if you want the ZyWALL to automatically renegotiate the IPSec SA when the SA life time expires. |
| Enable Replay Detection | Select this check box to detect and reject old or duplicate packets to protect against Denial-of-Service attacks. |
| Enable NetBIOS Broadcast over IPSec | Select this check box if you want the ZyWALL to send NetBIOS (Network Basic Input/Output System) packets through the IPSec SA. NetBIOS packets are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. It may sometimes be necessary to allow NetBIOS packets to pass through IPSec SAs in order to allow local computers to find computers on the remote network and vice versa. |
| Advanced/Basic | Click this button to show or hide the Inbound/Outbound traffic NAT fields. |
| Inbound/Outbound traffic NAT | Click the Advanced or Basic button to show or hide this section. |
| Outbound Traffic | |
| Source NAT | This translation hides the source address of computers in the local network. It may also be necessary if you want the ZyWALL to route packets from computers outside the local network through the IPSec SA. |
| Source | Select the address object that represents the original source address (or select Create Object to configure a new one). This is the address object for the computer or network outside the local network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT). |
| Destination | Select the address object that represents the original destination address (or select Create Object to configure a new one). This is the address object for the remote network. |
| SNAT | Select the address object that represents the translated source address (or select Create Object to configure a new one). This is the address object for the local network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT). |
| Inbound Traffic | |
| Source NAT | This translation hides the source address of computers in the remote network. |
| Source | Select the address object that represents the original source address (or select Create Object to configure a new one). This is the address object for the remote network. The size of the original source address range (Source) must be equal to the size of the translated source address range (SNAT). |
| Destination | Select the address object that represents the original destination address (or select Create Object to configure a new one). This is the address object for the local network. |

ZyWALL USG 1000 User's Guide
Chapter 20 IPSec VPN
301
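
Added example (not from the ZyXEL manual or firmware): a Python model of how Policy Enforcement and the outbound Source NAT fields described in Table 91 interact for a host outside the local network. The subnets are constructed, address objects are modelled as subnets only, and the offset-preserving one-to-one mapping and the NAT-before-policy ordering are assumptions; the function names are hypothetical.

```python
import ipaddress

# Constructed address objects (not from the manual), modelled as subnets.
LOCAL_POLICY = ipaddress.ip_network("192.168.1.0/24")
REMOTE_POLICY = ipaddress.ip_network("10.20.0.0/24")


def policy_allows(src, dst, outbound=True):
    """Policy Enforcement: both addresses must match the SA's policies."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if outbound:
        return src in LOCAL_POLICY and dst in REMOTE_POLICY
    return src in REMOTE_POLICY and dst in LOCAL_POLICY


def outbound_snat(src, dst, source_obj, dest_obj, snat_obj):
    """Apply an outbound Source NAT rule (Source, Destination, SNAT)."""
    source_obj, dest_obj, snat_obj = (
        ipaddress.ip_network(o) for o in (source_obj, dest_obj, snat_obj))
    # The manual requires Source and SNAT to be the same size.
    if source_obj.num_addresses != snat_obj.num_addresses:
        raise ValueError("Source and SNAT ranges must be the same size")
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in source_obj or dst not in dest_obj:
        return str(src)  # rule does not match; leave the packet alone
    # Assumption: one-to-one mapping that keeps the host's offset.
    offset = int(src) - int(source_obj.network_address)
    return str(snat_obj.network_address + offset)


def tunnel_outbound(src, dst, snat_rule=None):
    """Return (verdict, source address as seen by the IPSec SA).

    Assumption: Source NAT is applied before Policy Enforcement.
    """
    if snat_rule is not None:
        src = outbound_snat(src, dst, *snat_rule)
    verdict = "forward" if policy_allows(src, dst) else "drop"
    return verdict, src


if __name__ == "__main__":
    rule = ("172.16.5.0/24", "10.20.0.0/24", "192.168.1.0/24")
    print(tunnel_outbound("192.168.1.10", "10.20.0.5"))        # local host
    print(tunnel_outbound("172.16.5.77", "10.20.0.5"))         # outside, no NAT
    print(tunnel_outbound("172.16.5.77", "10.20.0.5", rule))   # outside, SNAT
```

With Policy Enforcement on, the host in 172.16.5.0/24 is dropped until a Source NAT rule maps it into the local policy range.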
