Keep Alive; Table 16-2 Vpn Summary - ZyXEL Communications Prestige 662HW Series User Manual

Prestige 662HW Series User's Guide
LABEL
No. This is the VPN policy index number. Click a number to edit VPN policies.
Name This field displays the identification name for this VPN policy.
This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy
Active
is active. No signifies that this VPN policy is not active.
Local Address This is the IP address(es) of computer(s) on your local network behind your Prestige.
The same (static) IP address is displayed twice when the Local Address Type field in the
VPN-IKE (or VPN-Manual Key) screen is configured to Single.
The beginning and ending (static) IP addresses, in a range of computers are displayed when
the Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to
Range.
A (static) IP address and a subnet mask are displayed when the Local Address Type field in
the VPN-IKE (or VPN-Manual Key) screen is configured to Subnet.
Remote Address This is the IP address(es) of computer(s) on the remote network behind the remote IPSec
router.
This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case
only the remote IPSec router can initiate the VPN.
The same (static) IP address is displayed twice when the Remote Address Type field in the
VPN-IKE (or VPN-Manual Key) screen is configured to Single.
The beginning and ending (static) IP addresses, in a range of computers are displayed when
the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured
to Range.
A (static) IP address and a subnet mask are displayed when the Remote Address Type field
in the VPN-IKE (or VPN-Manual Key) screen is configured to Subnet.
Encap. This field displays Tunnel or Transport mode (Tunnel is the default selection).
IPSec Algorithm This field displays the security protocols used for an SA.
Both AH and ESP increase Prestige processing requirements and communications latency
(delay).
Secure Gateway This is the static WAN IP address or URL of the remote IPSec router. This field displays
IP 0.0.0.0 when you configure the Secure Gateway Address field in the VPN-IKE screen to
0.0.0.0.
Back Click Back to return to the previous screen.

16.6 Keep Alive

When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the
tunnel when the IPSec SA lifetime period expires (see section 16.11 for more on the IPSec SA
lifetime). In effect, the IPSec tunnel becomes an "always on" connection after you initiate it. Both
IPSec routers must have a Prestige-compatible keep alive feature enabled in order for this feature to
work.
If the Prestige has its maximum number of simultaneous IPSec tunnels connected to it and they all
have keep alive enabled, then no other tunnels can take a turn connecting to the Prestige because the
Prestige never drops the tunnels that are already connected. Check section 1.2 Features of the Prestige
in chapter 1 to see how many simultaneous IPSec SAs your Prestige model can support.
16-4

Table 16-2 VPN Summary

DESCRIPTION
VPN Screens