6 ipsec sa overview, 1 local network and remote network – ZyXEL Communications ZyWALL 2 Plus User Manual
Page 270
Chapter 14 IPSec VPN
ZyWALL 2 Plus User’s Guide
270
14.6 IPSec SA Overview
Once the ZyWALL and remote IPSec router have established the IKE SA, they can securely
negotiate an IPSec SA through which to send data between computers on the networks.
"
The IPSec SA stays connected even if the underlying IKE SA is not available
anymore.
This section introduces the key components of an IPSec SA.
14.6.1 Local Network and Remote Network
In an IPSec SA, the local network consists of devices connected to the ZyWALL and may be
called the local policy. Similarly, the remote network consists of the devices connected to the
remote IPSec router and may be called the remote policy.
You can configure a remote network as 0.0.0.0 (any) when:
• Forwarding all outgoing traffic to the remote gateway.
• The remote network's addresses are unknown or there are many remote networks using
one VPN rule (see
for an example of telecommuters sharing
one VPN rule).
"
It is not recommended to set a VPN rule’s local and remote network settings
both to 0.0.0.0 (any).
Associated
Network Policies
The following table shows the policy(ies) you configure for this rule.
To add a VPN policy, click the add network policy (
) icon in the VPN Rules
(IKE) screen (see
). Refer to
for more information.
#
This field displays the policy index number.
Name
This field displays the policy name.
Local Network
This field displays one or a range of IP address(es) of the computer(s) behind the
ZyWALL.
Remote Network
This field displays one or a range of IP address(es) of the remote network behind
the remote IPsec router.
Apply
Click Apply to save your changes back to the ZyWALL.
Cancel
Click Cancel to exit this screen without saving.
Table 67 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy (continued)
LABEL
DESCRIPTION