Chapter 18 IPSec VPN
ZyWALL 5/35/70 Series User’s Guide
374
The following table describes the labels in this screen.
Table 103
SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy
LABEL
DESCRIPTION
Active
If the
Active
check box is selected, packets for the tunnel trigger the ZyWALL to
build the tunnel.
Clear the
Active
check box to turn the network policy off. The ZyWALL does not
apply the policy. Packets for the tunnel do not trigger the tunnel.
If you clear the
Active
check box while the tunnel is up (and click
Apply
), you
turn off the network policy and the tunnel goes down.
Name
Type a name to identify this VPN network policy. You may use any character,
including spaces, but the ZyWALL drops trailing spaces.
Protocol
Specify the number of an IP protocol type.
Enter 1 for ICMP, 6 for TCP, 17 for UDP, and so on. 0 is the default and
signifies any protocol.
Nailed-Up
Select this check box to turn on the nailed up feature for this SA.
Turn on nailed up to have the ZyWALL automatically reinitiate the SA after the
SA lifetime times out, even if there is no traffic. The ZyWALL also reinitiates the
SA when it restarts.
The ZyWALL also rebuilds the tunnel if it was disconnected due to the output or
input idle timer.
Allow NetBIOS
Traffic Through
IPSec Tunnel
This field is not available when the ZyWALL is in bridge mode.
NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that
enable a computer to connect to and communicate with a LAN. It may
sometimes be necessary to allow NetBIOS packets to pass through VPN
tunnels in order to allow local computers to find computers on the remote
network and vice versa.
Select this check box to send NetBIOS packets through the VPN connection.
Check IPSec Tunnel
Connectivity
Select the check box and configure an IP address in the
Ping this Address
field to have the ZyWALL periodically test the VPN tunnel to the remote IPSec
router.
The ZyWALL pings the IP address every minute. The ZyWALL starts the IPSec
connection idle timeout timer when it sends the ping packet. If there is no traffic
from the remote IPSec router by the time the timeout period expires, the
ZyWALL disconnects the VPN tunnel.
Log
Select this check box to set the ZyWALL to create logs when it cannot ping the
remote device.
Ping this Address
If you select
Check IPSec Tunnel Connectivity
, enter the IP address of a
computer at the remote IPSec network. The computer's IP address must be in
this IP policy's remote range (see the
Remote Network
fields).
Gateway Policy
Information
Gateway Policy
Select the gateway policy with which to use the VPN policy or store it in the
recycle bin (without an association to any gateway policy).
Virtual Address
Mapping Rule
Virtual address mapping over VPN is available with the routing mode.
Active
Enable this feature to have the ZyWALL use virtual (translated) IP addresses
for the local network for the VPN connection. You do not configure the
Local
Network
fields when you enable virtual address mapping.
Virtual address mapping allows local and remote networks to have overlapping
IP addresses. Virtual address mapping (NAT over IPSec) translates the source
IP addresses of computers on your local network to other (virtual) IP addresses
before sending the packets to the remote IPSec router. This translation hides
the source IP addresses of computers in the local network.
Содержание ZyWALL 35 Series
Страница 2: ......
Страница 8: ...Safety Warnings ZyWALL 5 35 70 Series User s Guide 8 ...
Страница 52: ...List of Tables ZyWALL 5 35 70 Series User s Guide 52 ...
Страница 54: ...54 ...
Страница 60: ...Chapter 1 Getting to Know Your ZyWALL ZyWALL 5 35 70 Series User s Guide 60 ...
Страница 86: ...Chapter 2 Introducing the Web Configurator ZyWALL 5 35 70 Series User s Guide 86 ...
Страница 126: ...Chapter 4 Tutorials ZyWALL 5 35 70 Series User s Guide 126 Figure 57 SECURITY VPN VPN Rules IKE Add Network Policy ...
Страница 140: ...Chapter 4 Tutorials ZyWALL 5 35 70 Series User s Guide 140 ...
Страница 146: ...Chapter 5 Registration ZyWALL 5 35 70 Series User s Guide 146 ...
Страница 147: ...147 PART II Network LAN Screens 149 Bridge Screens 161 WAN Screens 167 DMZ Screens 203 WLAN 213 ...
Страница 148: ...148 ...
Страница 160: ...Chapter 6 LAN Screens ZyWALL 5 35 70 Series User s Guide 160 ...
Страница 173: ...Chapter 8 WAN Screens ZyWALL 5 35 70 Series User s Guide 173 Figure 93 NETWORK WAN General ...
Страница 202: ...Chapter 8 WAN Screens ZyWALL 5 35 70 Series User s Guide 202 ...
Страница 212: ...Chapter 9 DMZ Screens ZyWALL 5 35 70 Series User s Guide 212 ...
Страница 242: ...242 ...
Страница 262: ...Chapter 11 Firewall ZyWALL 5 35 70 Series User s Guide 262 Figure 146 SECURITY FIREWALL Rule Summary Edit ...
Страница 274: ...Chapter 11 Firewall ZyWALL 5 35 70 Series User s Guide 274 ...
Страница 294: ...Chapter 13 Configuring IDP ZyWALL 5 35 70 Series User s Guide 294 ...
Страница 320: ...Chapter 15 Anti Spam ZyWALL 5 35 70 Series User s Guide 320 ...
Страница 342: ...Chapter 16 Content Filtering Screens ZyWALL 5 35 70 Series User s Guide 342 ...
Страница 350: ...Chapter 17 Content Filtering Reports ZyWALL 5 35 70 Series User s Guide 350 ...
Страница 363: ...Chapter 18 IPSec VPN ZyWALL 5 35 70 Series User s Guide 363 Figure 210 SECURITY VPN VPN Rules IKE Edit Gateway Policy ...
Страница 373: ...Chapter 18 IPSec VPN ZyWALL 5 35 70 Series User s Guide 373 Figure 213 SECURITY VPN VPN Rules IKE Edit Network Policy ...
Страница 424: ...Chapter 19 Certificates ZyWALL 5 35 70 Series User s Guide 424 ...
Страница 430: ...430 ...
Страница 448: ...Chapter 21 Network Address Translation NAT ZyWALL 5 35 70 Series User s Guide 448 ...
Страница 474: ...Chapter 24 Bandwidth Management ZyWALL 5 35 70 Series User s Guide 474 ...
Страница 514: ...Chapter 26 Remote Management ZyWALL 5 35 70 Series User s Guide 514 ...
Страница 533: ...533 PART V Reports Logs and Maintenance Reports 535 Logs Screens 547 Maintenance 575 ...
Страница 534: ...534 ...
Страница 551: ...Chapter 31 Logs Screens ZyWALL 5 35 70 Series User s Guide 551 Figure 334 LOGS Log Settings ...
Страница 592: ...Chapter 32 Maintenance ZyWALL 5 35 70 Series User s Guide 592 ...
Страница 594: ...594 Troubleshooting 751 Product Specifications 757 ...
Страница 602: ...Chapter 33 Introducing the SMT ZyWALL 5 35 70 Series User s Guide 602 ...
Страница 622: ...Chapter 35 WAN and Dial Backup Setup ZyWALL 5 35 70 Series User s Guide 622 ...
Страница 628: ...Chapter 36 LAN Setup ZyWALL 5 35 70 Series User s Guide 628 ...
Страница 634: ...Chapter 37 Internet Access ZyWALL 5 35 70 Series User s Guide 634 ...
Страница 638: ...Chapter 38 DMZ Setup ZyWALL 5 35 70 Series User s Guide 638 ...
Страница 642: ...Chapter 39 Route Setup ZyWALL 5 35 70 Series User s Guide 642 ...
Страница 658: ...Chapter 41 Remote Node Setup ZyWALL 5 35 70 Series User s Guide 658 ...
Страница 662: ...Chapter 42 IP Static Route Setup ZyWALL 5 35 70 Series User s Guide 662 ...
Страница 700: ...Chapter 45 Filter Configuration ZyWALL 5 35 70 Series User s Guide 700 ...
Страница 738: ...Chapter 50 Remote Management ZyWALL 5 35 70 Series User s Guide 738 ...
Страница 746: ...Chapter 51 IP Policy Routing ZyWALL 5 35 70 Series User s Guide 746 ...
Страница 766: ...766 ...
Страница 770: ...Appendix A Hardware Installation ZyWALL 5 35 70 Series User s Guide 770 ...
Страница 778: ...Appendix B Pop up Windows JavaScripts and Java Permissions ZyWALL 5 35 70 Series User s Guide 778 ...
Страница 780: ...Appendix C Removing and Installing a Fuse ZyWALL 5 35 70 Series User s Guide 780 ...
Страница 802: ...Appendix D Setting up Your Computer s IP Address ZyWALL 5 35 70 Series User s Guide 802 ...
Страница 816: ...Appendix F Common Services ZyWALL 5 35 70 Series User s Guide 816 ...
Страница 852: ...Appendix J Importing Certificates ZyWALL 5 35 70 Series User s Guide 852 ...
Страница 856: ...Appendix K Legal Information ZyWALL 5 35 70 Series User s Guide 856 ...
Страница 862: ...Appendix L Customer Support ZyWALL 5 35 70 Series User s Guide 862 ...