Keep Alive - ZyXEL Communications ZyWALL 5 User Manual
Internet security appliance
Hide thumbs
Also See for ZyWALL 5:
- User manual (668 pages) ,
- Support notes (305 pages) ,
- Quick start manual (139 pages)
Table of Contents
Advertisement
ZyWALL 5 Internet Security Appliance
LABEL
Local IP Address
This is the IP address(es) of computer(s) on your local network behind your ZyWALL.
The same (static) IP address is displayed twice when the Local Address Type field in the
Edit VPN Rule (or Manual Key) screen is configured to Single Address.
The beginning and ending (static) IP addresses, in a range of computers are displayed
when the Local Address Type field in the Edit VPN Rule (or Manual Key) screen is
configured to Range Address.
A (static) IP address and a subnet mask are displayed when the Local Address Type field
in the Edit VPN Rule (or Manual Key) screen is configured to Subnet Address.
Remote IP
This is the IP address(es) of computer(s) on the remote network behind the remote IPSec
Address
router.
This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this
case only the remote IPSec router can initiate the VPN.
The same (static) IP address is displayed twice when the Remote Address Type field in
the Edit VPN Rule (or Manual Key) screen is configured to Single Address.
The beginning and ending (static) IP addresses, in a range of computers are displayed
when the Remote Address Type field in the Edit VPN Rule (or Manual Key) screen is
configured to Range Address.
A (static) IP address and a subnet mask are displayed when the Remote Address Type
field in the Edit VPN Rule (or Manual Key) screen is configured to Subnet Address.
Encap.
This field displays Tunnel or Transport mode (Tunnel is the default selection).
IPSec Algorithm
This field displays the security protocols used for an SA.
Both AH and ESP increase ZyWALL processing requirements and communications latency
(delay).
Secure Gateway
This is the static WAN IP address or URL of the remote IPSec router. This field displays
Address
0.0.0.0 when you configure the Secure Gateway Address field in the Edit VPN Rule
screen to 0.0.0.0.
Modify
Click the edit icon to edit the VPN policy.
Click the delete icon to remove the VPN policy. A window displays asking you to confirm
that you want to delete the VPN rule. When a VPN policy is deleted, subsequent policies
move up in the page list.
Add
Click Add to add a new VPN policy.
13.6 Keep Alive
When you initiate an IPSec tunnel with keep alive enabled, the ZyWALL automatically renegotiates
the tunnel when the IPSec SA lifetime period expires (see section 13.11 for more on the IPSec SA
lifetime). In effect, the IPSec tunnel becomes an "always on" connection after you initiate it. Both
IPSec routers must have a ZyWALL-compatible keep alive feature enabled in order for this feature to
work.
If the ZyWALL has its maximum number of simultaneous IPSec tunnels connected to it and they all
have keep alive enabled, then no other tunnels can take a turn connecting to the ZyWALL because the
ZyWALL never drops the tunnels that are already connected.
13-4
Table 13-2 VPN Rules
DESCRIPTION
VPN Screens
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
