Table 39-2 Menu 27.1.1: Ipsec Setup - ZyXEL Communications ZyWALL 5 User Manual

Internet security appliance

Table 39-2 Menu 27.1.1: IPSec Setup

FIELD and DESCRIPTION

Index
This is the VPN rule index number you selected in the previous menu.

Name
Enter a unique identification name for this VPN rule. The name may be up to 32 characters long but only 10 characters will be displayed in Menu 27.1 - IPSec Summary.

Active
Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to activate the VPN tunnel. This field determines whether a VPN rule is applied before a packet leaves the firewall.

Keep Alive
Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to have the ZyWALL automatically re-initiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work.

NAT Traversal
Choose Yes and press [ENTER] to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers.
The remote IPSec router must also have NAT traversal enabled. You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but not with AH protocol nor with Manual key management.
In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router.

Local ID type
Press [SPACE BAR] to choose IP, DNS, or E-mail and press [ENTER].
Select IP to identify this ZyWALL by its IP address.
Select DNS to identify this ZyWALL by a domain name.
Select E-mail to identify this ZyWALL by an e-mail address.

Content
When you select IP in the Local ID type field, type the IP address of your computer in the local Content field. The ZyWALL automatically uses the IP address in the My IP Addr field (refer to the My IP Addr field description) if you configure the local Content field to 0.0.0.0 or leave it blank.
It is recommended that you type an IP address other than 0.0.0.0 in the local Content field or use the DNS or E-mail ID type in the following situations.
- When there is a NAT router between the two IPSec routers.
- When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses.
When you select DNS or E-mail in the Local ID type field, type a domain name or e-mail address by which to identify this ZyWALL in the local Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string.

My IP Addr
Enter the IP address of your ZyWALL. The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.
The VPN tunnel has to be rebuilt if this IP address changes.

EXAMPLE column values, in the order listed: 1, Taiwan, Yes, No, No, 0.0.0.0
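The cross-field constraints in this table can be checked against a planned rule before it is keyed into the menu. The following is an added example, not part of the ZyXEL manual; the dictionary key names, the `IKE` value and the sample rules are assumptions made for illustration.

```python
NAME_MAX, NAME_SHOWN, CONTENT_MAX = 32, 10, 31  # limits stated in Table 39-2

def lint_rule(rule):
    """Check one rule (a dict with hypothetical key names) against Table 39-2."""
    out = []
    name = rule.get("name", "")
    if not 1 <= len(name) <= NAME_MAX:
        out.append("name: must be 1 to 32 characters")
    id_type, content = rule.get("local_id_type", "IP"), rule.get("content", "")
    # A blank or 0.0.0.0 Content makes the ZyWALL fall back to My IP Addr.
    unset_ip = id_type == "IP" and content.strip() in ("", "0.0.0.0")
    if id_type in ("DNS", "E-mail"):
        if len(content) > CONTENT_MAX or not content.isascii():
            out.append("content: use up to 31 ASCII characters")
        if content != content.rstrip(" "):
            out.append("content: trailing spaces will be truncated")
    if rule.get("nat_traversal"):
        if rule.get("protocol") == "AH":
            out.append("nat_traversal: not usable with AH, use ESP")
        if rule.get("key_management") == "Manual":
            out.append("nat_traversal: not usable with Manual key management")
        if unset_ip:
            out.append("content: set a non-0.0.0.0 IP or use a DNS/E-mail ID behind NAT")
    return out

def summary_collisions(rules):
    """Group names that look identical in Menu 27.1 (first 10 characters only)."""
    seen = {}
    for r in rules:
        seen.setdefault(r["name"][:NAME_SHOWN], []).append(r["name"])
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample rules, not taken from a real device.
SAMPLE = [
    {"name": "Taiwan", "nat_traversal": False, "local_id_type": "IP", "content": "0.0.0.0"},
    {"name": "Branch-Office-East", "nat_traversal": True, "protocol": "AH",
     "key_management": "IKE", "local_id_type": "IP", "content": ""},
    {"name": "Branch-Office-West", "nat_traversal": True, "protocol": "ESP",
     "key_management": "IKE", "local_id_type": "DNS", "content": "west.example.com "},
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r["name"], lint_rule(r))
    print(summary_collisions(SAMPLE))
```

The collision check matters when several rules share a long prefix: their full names are unique, but they cannot be told apart in the 10-character summary view.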
