Chapter 20 IPSec VPN
ZyWALL ATP Series User’s Guide
392
Check Port
This field displays when you set the
Check Method
to
tcp
. Specify the port number to use
for a TCP connectivity check.
Check Period
Enter the number of seconds between connection check attempts.
Check Timeout
Enter the number of seconds to wait for a response before the attempt is a failure.
Check Fail
Tolerance
Enter the number of consecutive failures allowed before the Zyxel Device disconnects
the VPN tunnel. The Zyxel Device resumes using the first peer gateway address when the
VPN connection passes the connectivity check.
Check this Address
Select this to specify a domain name or IP address for the connectivity check. Enter that
domain name or IP address in the field next to it.
Check the First and
Last IP Address in
the Remote Policy
Select this to have the Zyxel Device check the connection to the first and last IP
addresses in the connection’s remote policy. Make sure one of these is the peer
gateway’s LAN IP address.
Log
Select this to have the Zyxel Device generate a log every time it checks this VPN
connection.
Inbound/Outbound
traffic NAT
Outbound Traffic
Source NAT
This translation hides the source address of computers in the local network. It may also be
necessary if you want the Zyxel Device to route packets from computers outside the local
network through the IPSec SA.
Source
Select the address object that represents the original source address (or select
Create
Object
to configure a new one). This is the address object for the computer or network
outside the local network. The size of the original source address range (
Source
) must be
equal to the size of the translated source address range (
SNAT
).
Destination
Select the address object that represents the original destination address (or select
Create Object
to configure a new one). This is the address object for the remote network.
SNAT
Select the address object that represents the translated source address (or select
Create
Object
to configure a new one). This is the address object for the local network. The size
of the original source address range (
Source
) must be equal to the size of the translated
source address range (
SNAT
).
Inbound Traffic
Source NAT
This translation hides the source address of computers in the remote network.
Source
Select the address object that represents the original source address (or select
Create
Object
to configure a new one). This is the address object for the remote network. The size
of the original source address range (
Source
) must be equal to the size of the translated
source address range (
SNAT
).
Destination
Select the address object that represents the original destination address (or select
Create Object
to configure a new one). This is the address object for the local network.
SNAT
Select the address object that represents the translated source address (or select
Create
Object
to configure a new one). This is the address that hides the original source address.
The size of the original source address range (
Source
) must be equal to the size of the
translated source address range (
SNAT
).
Destination NAT
This translation forwards packets (for example, mail) from the remote network to a
specific computer (for example, the mail server) in the local network.
Add
Click this to create a new entry. Select an entry and click
Add
to create a new entry after
the selected entry.
Edit
Select an entry and click this to be able to modify it.
Remove
Select an entry and click this to delete it.
Table 156 Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (continued)
LABEL
DESCRIPTION