Chapter 21 IPSec VPN
USG20(W)-VPN Series User’s Guide
339
Each field is discussed in the following table.
21.2.1 The VPN Connection Add/Edit (IKE) Screen
The VPN Connection Add/Edit Gateway screen allows you to create a new VPN connection
policy or edit an existing one. To access this screen, go to the Configuration > VPN Connection
screen (see Section 21.2 on page 338), and click either the Add icon or an Edit icon.
Table 134 Configuration > VPN > IPSec VPN > VPN Connection
LABEL DESCRIPTION
Global Setting The following two fields are for all IPSec VPN policies.
Click on the VPN icon to go to the ZyXEL VPN Client product page at the ZyXEL website.
Use Policy
Route to
control
dynamic
IPSec rules
Select this to be able to use policy routes to manually specify the destination addresses of
dynamic IPSec rules. You must manually create these policy routes. The USG automatically
obtains source and destination addresses for dynamic IPSec rules that do not match any of
the policy routes.
Clear this to have the USG automatically obtain source and destination addresses for all
dynamic IPSec rules.
Ignore
"Don't
Fragment"
setting in
packet
header
Select this to fragment packets larger than the MTU (Maximum Transmission Unit) that have
the "Don't Fragment" bit in the IP header turned on. When you clear this the USG drops
packets larger than the MTU that have the "Don't Fragment" bit in the header turned on.
IPv4 / IPv6
Configuration
Add Click this to create a new entry.
Edit Double-click an entry or select it and click Edit to open a screen where you can modify the
entry’s settings.
Remove To remove an entry, select it and click Remove. The USG confirms you want to remove it
before doing so.
Activate To turn on an entry, select it and click Activate.
Inactivate To turn off an entry, select it and click Inactivate.
Connect To connect an IPSec SA, select it and click Connect.
Disconnect To disconnect an IPSec SA, select it and click Disconnect.
Object
Reference
Select an entry and click Object Reference to open a screen that shows which settings use
the entry. See Section 9.3.2 on page 164 for an example.
# This field is a sequential value, and it is not associated with a specific connection.
Status The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is
inactive.
The connect icon is lit when the interface is connected and dimmed when it is disconnected.
Name This field displays the name of the IPSec SA.
VPN Gateway This field displays the VPN gateway in use for this VPN connection.
Gateway IP
Version
This field displays what IP version the associated VPN gateway(s) is using. An IPv4 gateway
may use an IKEv1 or IKEv2 SA. An IPv6 gateway may use IKEv2 only.
Policy This field displays the local policy and the remote policy, respectively.
Apply Click Apply to save your changes back to the USG.
Reset Click Reset to return the screen to its last-saved settings.
To Next Page
Loading...
