Figure 189 security > vpn > global setting, Table 74 security > vpn > global setting – ZyXEL Communications ZyWALL 2 Plus User Manual

Chapter 14 IPSec VPN

ZyWALL 2 Plus User’s Guide

288

Figure 189 SECURITY > VPN > Global Setting

The following table describes the labels in this screen.

Table 74 SECURITY > VPN > Global Setting

LABEL

DESCRIPTION

Output Idle Timer

The ZyWALL disconnects a VPN tunnel if the remote IPSec router does not

reply for this number of seconds.

Input Idle Timer

When no traffic is received from a remote IPSec router after the specified

time period, the ZyWALL disconnects the VPN tunnel. 0 disables the check

(this is the default setting).
The output idle timer never takes effect if you set this timer to a shorter

period.

Gateway Domain

Name Update Timer

This field is applicable when you enter a domain name to identify the

ZyWALL and/or the remote secure gateway.
Enter the time period (between 2 and 60 minutes) to wait before the ZyWALL

updates the domain name and IP address mapping through a DNS server.

The ZyWALL rebuilds the VPN tunnel if it finds that the domain name is now

using a different IP address (any users of the VPN tunnel will be temporarily

disconnected).
Enter 0 to disable this feature.

Adjust TCP Maximum

Segment Size

The TCP packets are larger after the ZyWALL encrypts them for VPN. The

ZyWALL fragments packets that are larger than a connection’s MTU

(Maximum Transmit Unit).
In most cases you should leave this set to Auto. The ZyWALL automatically

sets the Maximum Segment Size (MSS) of the TCP packets that are to be

encrypted by VPN based on the encapsulation type.
Select Off to not adjust the MSS for the encrypted TCP packets.
If your network environment causes fragmentation issues that are affecting

your throughput performance, you can manually set a smaller MSS for the

TCP packets that are to be encrypted by VPN. Select User-Defined and

specify a size from 0~1460 bytes. 0 has the ZyWALL use the auto setting.