Chapter 33 IPSec VPN
ZyWALL Series CLI Reference Guide
284
[no] mode-config {first-wins |
second-wins}
Sets the IP address of the WINS (Windows Internet
Naming Service) server that you want to send to the
remote users. The WINS server keeps a mapping table
of the computer names on your network and the IP
addresses that they are currently using. The second-
wins server's IP address is checked if first-wins is
unavailable. The no command removes the setting.
conn-check {ip address ip address |
first-and-last} method {icmp | tcp}
period <5...3600> timeout <1...10>
fail-tolerance <1...10> action {log |
no-log} probe-condition {all | any}
Enables the IPSec VPN connection check. The Zyxel
Device can regularly check the VPN connection to the
gateway to specified to make sure it is still available.
ip address: Specifies one or two domain names or IP
addresses for the connectivity check. You can use one
IP address and one domain name. Separate them with
a comma, for example, 1.1.1.1,www.zyxel.com.
first-and-last: Checks the connection to the first
and last IP addresses in the connection’s remote policy.
Remote policy is the addresses of the devices behind
the remote IPSec router. Make sure one of these is the
peer gateway’s LAN IP address.
method: Sets how the Zyxel Device checks the
connection. The peer must be configured to respond to
the method you select.
Sets the method to icmp to have the Zyxel Device
regularly ping the address you specify to make sure
traffic can still go through the connection. You may
need to configure the peer to respond to pings.
Sets the method to tcp to have the Zyxel Device
regularly perform a TCP handshake with the address
you specify to make sure traffic can still go through the
connection You may need to configure the peer to
accept the TCP connection.
period: Sets the number of seconds between
connection check attempts.
time-out: Sets the number of seconds to wait for a
response before the attempt is a failure.
fail-tolerance: Sets the number of consecutive
failures allowed before the Zyxel Device disconnects
the VPN tunnel. The Zyxel Device resumes using the first
peer gateway address when the VPN connection
passes the connectivity check.
action: Sets the action to log to have the Zyxel
Device generate a log every time it checks this VPN.
Sets the action to no-log to have the Zyxel Device
take no action when it checks this VPN.
probe-condition: Sets the probe-condition to any if
you want the check to pass when at least one of the
domain names or IP addresses responds.
Sets the probe-condition all if you want the check to
pass only when both domain names or IP addresses
respond.
Table 148 crypto Commands: IPSec SAs (continued)
COMMAND DESCRIPTION
To Next Page
Loading...
