Table 123 Vpn > Ipsec Vpn > Vpn Connection > Edit - ZyXEL Communications ZyWALL USG 100 Series User Manual

Unified security gateway

ZyWALL USG 100/200 Series User's Guide
Chapter 21 IPSec VPN

Each field is described in the following table.

Table 123 VPN > IPSec VPN > VPN Connection > Edit

LABEL
    DESCRIPTION

General Settings
    Click Advanced to display more settings. Click Basic to display fewer settings.

Connection Name
    Type the name used to identify this IPSec SA. You may use 1-31 alphanumeric
    characters, underscores (_), or dashes (-), but the first character cannot be a
    number. This value is case-sensitive.

Nailed-Up
    Select this if you want the ZyWALL to automatically renegotiate the IPSec SA
    when the SA life time expires.

Enable Replay Detection
    Select this check box to detect and reject old or duplicate packets to protect
    against Denial-of-Service attacks.

Enable NetBIOS Broadcast over IPSec
    Select this check box if you want the ZyWALL to send NetBIOS (Network Basic
    Input/Output System) packets through the IPSec SA.
    NetBIOS packets are TCP or UDP packets that enable a computer to connect to
    and communicate with a LAN. It may sometimes be necessary to allow
    NetBIOS packets to pass through IPSec SAs in order to allow local computers
    to find computers on the remote network and vice versa.

VPN Gateway
    Click Advanced to display more settings. Click Basic to display fewer settings.

Application Scenario
    Select the scenario that best describes your intended VPN connection.
    Site-to-site - Choose this if the remote IPSec router has a static IP address or a
    domain name. This ZyWALL can initiate the VPN tunnel.
    Site-to-site with Dynamic Peer - Choose this if the remote IPSec router has a
    dynamic IP address. Only the remote IPSec router can initiate the VPN tunnel.
    Remote Access (Server Role) - Choose this to allow incoming connections
    from IPSec VPN clients. The clients have dynamic IP addresses and are also
    known as dial-in users. Only the clients can initiate the VPN tunnel.
    Remote Access (Client Role) - Choose this to connect to an IPSec server.
    This ZyWALL is the client (dial-in user) and can initiate the VPN tunnel.

VPN Gateway
    Select the VPN gateway this VPN connection is to use or select Create Object
    to add another VPN gateway for this VPN connection to use.

Manual Key
    Select this option to configure a VPN connection policy that uses a manual key
    instead of IKE key management. This may be useful if you have problems with
    IKE key management. See Section 21.2.2 on page 370 for how to configure the
    manual key fields.
    Note: Only use manual key as a temporary solution, because it is
    not as secure as a regular IPSec SA.

Policy
    Click Advanced to display more settings. Click Basic to display fewer settings.

Local Policy
    Select the address or address group corresponding to the local network. Select
    Create Object to configure a new one.

Remote Policy
    Select the address or address group corresponding to the remote network.
    Select Create Object to configure a new one.

Policy Enforcement
    Clear this to allow traffic with source and destination IP addresses that do not
    match the local and remote policy to use the VPN tunnel. Leave this cleared for
    free access between the local and remote networks.
    Note: Clear this to use the IPSec SA in a VPN concentrator.
    Selecting this restricts who can use the VPN tunnel. The ZyWALL drops traffic
    with source and destination IP addresses that do not match the local and
    remote policy.

Phase 2 Settings
    Click Advanced to display more settings. Click Basic to display fewer settings.

This manual is also suitable for:

Zywall usg 200 series