Chapter 21 IPSec VPN
USG20(W)-VPN Series User’s Guide
339
Each field is discussed in the following table.
21.2.1 The VPN Connection Add/Edit (IKE) Screen
The
VPN Connection Add/Edit Gateway
screen allows you to create a new VPN connection
policy or edit an existing one. To access this screen, go to the
Configuration > VPN Connection
), and click either the
Add
icon or an
Edit
icon.
Table 134
Configuration > VPN > IPSec VPN > VPN Connection
LABEL
DESCRIPTION
Global Setting
The following two fields are for all IPSec VPN policies.
Click on the VPN icon to go to the ZyXEL VPN Client product page at the ZyXEL website.
Use Policy
Route to
control
dynamic
IPSec rules
Select this to be able to use policy routes to manually specify the destination addresses of
dynamic IPSec rules. You must manually create these policy routes. The USG automatically
obtains source and destination addresses for dynamic IPSec rules that do not match any of
the policy routes.
Clear this to have the USG automatically obtain source and destination addresses for all
dynamic IPSec rules.
Ignore
"Don't
Fragment"
setting in
packet
header
Select this to fragment packets larger than the MTU (Maximum Transmission Unit) that have
the "Don't Fragment" bit in the IP header turned on. When you clear this the USG drops
packets larger than the MTU that have the "Don't Fragment" bit in the header turned on.
IPv4 / IPv6
Configuration
Add
Click this to create a new entry.
Edit
Double-click an entry or select it and click
Edit
to open a screen where you can modify the
entry’s settings.
Remove
To remove an entry, select it and click
Remove
. The USG confirms you want to remove it
before doing so.
Activate
To turn on an entry, select it and click
Activate
.
Inactivate
To turn off an entry, select it and click
Inactivate
.
Connect
To connect an IPSec SA, select it and click
Connect
.
Disconnect
To disconnect an IPSec SA, select it and click
Disconnect
.
Object
Reference
Select an entry and click
Object Reference
to open a screen that shows which settings use
the entry. See
for an example.
#
This field is a sequential value, and it is not associated with a specific connection.
Status
The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is
inactive.
The connect icon is lit when the interface is connected and dimmed when it is disconnected.
Name
This field displays the name of the IPSec SA.
VPN Gateway
This field displays the VPN gateway in use for this VPN connection.
Gateway IP
Version
This field displays what IP version the associated VPN gateway(s) is using. An IPv4 gateway
may use an IKEv1 or IKEv2 SA. An IPv6 gateway may use IKEv2 only.
Policy
This field displays the local policy and the remote policy, respectively.
Apply
Click
Apply
to save your changes back to the USG.
Reset
Click
Reset
to return the screen to its last-saved settings.
Summary of Contents for ZyWall USG20-VPN
Page 17: ...17 PART I User s Guide ...
Page 18: ...18 ...
Page 99: ...99 PART II Technical Reference ...
Page 100: ...100 ...