Chapter 29 IPSec VPN
ZyWALL/USG Series User’s Guide
547
Check Period Enter the number of seconds between connection check attempts.
Check Timeout Enter the number of seconds to wait for a response before the attempt is a failure.
Check Fail
Tolerance
Enter the number of consecutive failures allowed before the ZyWALL/USG disconnects
the VPN tunnel. The ZyWALL/USG resumes using the first peer gateway address
when the VPN connection passes the connectivity check.
Check this Address Select this to specify a domain name or IP address for the connectivity check. Enter
that domain name or IP address in the field next to it.
Check the First
and Last IP
Address in the
Remote Policy
Select this to have the ZyWALL/USG check the connection to the first and last IP
addresses in the connection’s remote policy. Make sure one of these is the peer
gateway’s LAN IP address.
Log Select this to have the ZyWALL/USG generate a log every time it checks this VPN
connection.
Inbound/Outbound
traffic NAT
Outbound Traffic
Source NAT This translation hides the source address of computers in the local network. It may
also be necessary if you want the ZyWALL/USG to route packets from computers
outside the local network through the IPSec SA.
Source Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the computer
or network outside the local network. The size of the original source address range
(Source) must be equal to the size of the translated source address range (SNAT).
Destination Select the address object that represents the original destination address (or select
Create Object to configure a new one). This is the address object for the remote
network.
SNAT Select the address object that represents the translated source address (or select
Create Object to configure a new one). This is the address object for the local
network. The size of the original source address range (Source) must be equal to the
size of the translated source address range (SNAT).
Inbound Traffic
Source NAT This translation hides the source address of computers in the remote network.
Source Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the remote
network. The size of the original source address range (Source) must be equal to the
size of the translated source address range (SNAT).
Destination Select the address object that represents the original destination address (or select
Create Object to configure a new one). This is the address object for the local
network.
SNAT Select the address object that represents the translated source address (or select
Create Object to configure a new one). This is the address that hides the original
source address. The size of the original source address range (Source) must be
equal to the size of the translated source address range (SNAT).
Destination NAT This translation forwards packets (for example, mail) from the remote network to a
specific computer (for example, the mail server) in the local network.
Add Click this to create a new entry. Select an entry and click Add to create a new entry
after the selected entry.
Edit Select an entry and click this to be able to modify it.
Remove Select an entry and click this to delete it.
Table 209 Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (continued)
LABEL DESCRIPTION
To Next Page
Loading...
