beautypg.com

14 vpn global setting, 1 local and remote ip address conflict resolution, Figure 186 security > vpn > sa monitor – ZyXEL Communications ZyWALL 2 Plus User Manual

Page 286: Table 73 security > vpn > sa monitor

background image

Chapter 14 IPSec VPN

ZyWALL 2 Plus User’s Guide

286

Figure 186 SECURITY > VPN > SA Monitor

The following table describes the labels in this screen.

14.14 VPN Global Setting

Click SECURITY > VPN > Global Setting to open the VPN Global Setting screen. Use this
screen to change settings that apply to all of your VPN tunnels.

14.14.1 Local and Remote IP Address Conflict Resolution

Normally, you do not configure your local VPN policy rule’s IP addresses to overlap with the
remote VPN policy rule’s IP addresses (see

Section 14.6.2 on page 271

). For example, you

usually would not configure both with 192.168.1.0. However, overlapping local and remote
network IP addresses can occur with dynamic VPN rules or IP alias.

14.14.1.1 Dynamic VPN Rule

Local and remote network IP addresses can overlap when you configure a dynamic VPN rule
for a remote site (see

Figure 187

). For example, when you configure ZyWALL X, you

configure the local network as 192.168.1.0/24 and the remote network as any (0.0.0.0). The
“any” includes all possible IP addresses. It will forward traffic from network A to network B
even if both the sender (for example 192.168.1.8) and the receiver (for example 192.168.1.9)
are in network A. Note that the remote access can still use the VPN tunnel to access computers
on ZyWALL X’s network.

Table 73 SECURITY > VPN > SA Monitor

LABEL

DESCRIPTION

#

This is the security association index number.

Name

This field displays the identification name for this VPN policy.

Local Network

This field displays the IP address of the computer using the VPN IPSec feature of

your ZyWALL.

Remote Network

This field displays IP address (in a range) of computers on the remote network

behind the remote IPSec router.

Encapsulation

This field displays Tunnel or Transport mode.

IPSec Algorithm

This field displays the security protocols used for an SA.
Both AH and ESP increase ZyWALL processing requirements and

communications latency (delay).

Refresh

Click Refresh to display the current active VPN connection(s).

Disconnect

Select a security association index number that you want to disconnect and then

click Disconnect.

See also other documents in the category ZyXEL Communications Hardware: