beautypg.com

Figure 162 security > vpn > global setting, Table 90 security > vpn > global setting – ZyXEL Communications ZyXEL ZyWALL 2WG User Manual

Page 290

background image

Chapter 14 IPSec VPN

ZyWALL 2WG User’s Guide

290

Figure 162 SECURITY > VPN > Global Setting

The following table describes the labels in this screen.

Table 90 SECURITY > VPN > Global Setting

LABEL

DESCRIPTION

Output Idle Timer

When traffic is sent to a remote IPSec router from which no reply is received

after the specified time period, the ZyWALL checks the VPN connectivity. If

the remote IPSec router does not reply, the ZyWALL automatically

disconnects the VPN tunnel.
Enter the time period (between 120 and 3600 seconds) to wait before the

ZyWALL checks all of the VPN connections to remote IPSec routers.
Enter 0 to disable this feature.

Input Idle Timer

When no traffic is received from a remote IPSec router after the specified

time period, the ZyWALL checks the VPN connectivity. If the remote IPSec

router does not reply, the ZyWALL automatically disconnects the VPN

tunnel.
Enter the time period (between 30 and 3600 seconds) to wait before the

ZyWALL checks all of the VPN connections to remote IPSec routers.
Enter 0 to disable this feature.

Gateway Domain

Name Update Timer

If you use dynamic domain names in VPN rules to identify the ZyWALL and/

or the remote IPSec router, the IP address mapped to the domain name can

change. The VPN tunnel stops working after the IP address changes. Any

users of the VPN tunnel are disconnected until the ZyWALL gets the new IP

address from a DNS server and rebuilds the VPN tunnel.
Enter the time period (between 2 and 60 minutes) to set how often the

ZyWALL queries a DNS server to update the IP address and domain name

mapping.
If the query returns a new IP address for a dynamic domain name, the

ZyWALL disconnects the VPN tunnel. The ZyWALL rebuilds the VPN tunnel

(using the new IP address) immediately if the IPSec SA is set to nailed up.

Otherwise the ZyWALL rebuilds the VPN tunnel when there are packets for it

or you manually dial it.
If the ZyWALL and all of the remote IPSec routers use static IP addresses or

regular domain names, you can enter 0 to disable this feature.

See also other documents in the category ZyXEL Communications Hardware: