beautypg.com

ZyXEL Communications ZyXEL ZyWALL P1 User Manual

ZyWALL P1 User’s Guide

Chapter 9 VPN Screens

Table 44 VPN Rules (IKE): Add Policy (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Nailed-Up | Select this check box to turn on the nailed up feature for this SA. Turn on nailed up to have the ZyWALL automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The ZyWALL also reinitiates the SA when it restarts. |
| Allow NetBIOS Traffic Through IPSec Tunnel | NetBIOS (Network Basic Input/Output System) packets are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa. Select this check box to send NetBIOS packets through the VPN connection. |
| Check IPSec Tunnel Connectivity | Select the check box and configure an IP address in the Ping this Address field to have the ZyWALL periodically test the VPN tunnel to the remote IPSec router. The ZyWALL pings the IP address every minute. The ZyWALL starts the IPSec connection idle timeout timer when it sends the ping packet. If there is no traffic from the remote IPSec router by the time the timeout period expires, the ZyWALL disconnects the VPN tunnel. |
| Log | |
| Ping this Address | If you select Check IPSec Tunnel Connectivity, enter the IP address of a computer at the remote IPSec network. The computer's IP address must be in this IP policy's remote range (see the Remote Network fields). |
| Gateway Policy Information | Select the gateway policy with which you want to use the VPN policy. |
| Local Network | Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
| Address Type | Use the drop-down list box to choose Single Address, Range Address, or Subnet Address. Select Single Address for a single IP address. Select Range Address for a specific range of IP addresses. Select Subnet Address to specify IP addresses on a network by their subnet mask. |
| Starting IP Address | When the Address Type field is configured to Single Address, enter a (static) IP address on the LAN behind your ZyWALL. When the Address Type field is configured to Range Address, enter the beginning (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Address Type field is configured to Subnet Address, this is a (static) IP address on the LAN behind your ZyWALL. |
| Ending IP Address/Subnet Mask | When the Address Type field is configured to Single Address, this field is N/A. When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the LAN behind your ZyWALL. When the Address Type field is configured to Subnet Address, this is a subnet mask on the LAN behind your ZyWALL. |
| Local Port | 0 is the default and signifies any port. Type a port number from 0 to 65535 in the Start and End fields. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
| Remote Network | Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
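
The Local Network, Remote Network and Ping this Address rules in this table can be checked against a planned set of policies before they are entered on the device. The following Python example is added here and is not ZyXEL code; the policy dictionaries, policy names and addresses are constructed, and treating two selectors as "the same" when their resolved address spans are equal is an assumption.

```python
import ipaddress
from itertools import combinations

def selector(addr_type, start, end=None):
    """Resolve an Address Type / Starting IP / Ending IP-or-mask triple to (first, last)."""
    first = ipaddress.IPv4Address(start)
    if addr_type == "Single Address":
        return first, first
    if addr_type == "Range Address":
        last = ipaddress.IPv4Address(end)
        if last < first:
            raise ValueError("Ending IP Address is below Starting IP Address")
        return first, last
    if addr_type == "Subnet Address":
        # strict=False: the starting address may be any host on the subnet
        net = ipaddress.IPv4Network(f"{start}/{end}", strict=False)
        return net.network_address, net.broadcast_address
    raise ValueError(f"unknown Address Type: {addr_type}")

def audit(policies):
    """Return findings for the Ping this Address and duplicate-active-SA rules."""
    findings, spans = [], {}
    for p in policies:
        spans[p["name"]] = (selector(*p["local"]), selector(*p["remote"]))
        first, last = spans[p["name"]][1]
        ping = p.get("ping")
        if ping and not first <= ipaddress.IPv4Address(ping) <= last:
            findings.append(f"{p['name']}: Ping this Address {ping} is outside the remote range")
    active = [p["name"] for p in policies if p["active"]]
    for a, b in combinations(active, 2):
        # Assumption: "the same" means the resolved address spans are equal
        if spans[a] == spans[b]:
            findings.append(f"{a} and {b}: active SAs share both local and remote addresses")
    return findings

# Constructed sample policies; names and addresses are hypothetical
POLICIES = [
    {"name": "hq-branch", "active": True, "ping": "10.0.0.15",
     "local": ("Subnet Address", "192.168.1.33", "255.255.255.0"),
     "remote": ("Range Address", "10.0.0.10", "10.0.0.20")},
    {"name": "hq-branch-backup", "active": True, "ping": "10.0.0.21",
     "local": ("Range Address", "192.168.1.0", "192.168.1.255"),
     "remote": ("Range Address", "10.0.0.10", "10.0.0.20")},
    {"name": "hq-lab", "active": True,
     "local": ("Subnet Address", "192.168.1.0", "255.255.255.0"),
     "remote": ("Single Address", "10.0.1.5")},
]

if __name__ == "__main__":
    print("\n".join(audit(POLICIES)))
```

Marking hq-branch-backup inactive clears the duplicate-SA finding, which matches the rule that multiple SAs between the same addresses are allowed as long as only one is active.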