![background image](/i/zyxel/144895/zyxel-zywall-2-ee/h/zyxel-zywall-2-ee-211.png)
ZyWALL 2 Series User’s Guide
VPN Screens
14-5
Table 14-2 VPN Rules
LABEL DESCRIPTION
Remote IP
Address
This is the IP address(es) of computer(s) on the remote network behind the remote IPSec
router.
This field displays
N/A
when the
Secure Gateway Address
field displays
0.0.0.0
. In this
case only the remote IPSec router can initiate the VPN.
The same (static) IP address is displayed twice when the
Remote Address Type
field in
the
Edit VPN Rule
(or
Manual Key
) screen is configured to
Single Address
.
The beginning and ending (static) IP addresses, in a range of computers are displayed
when the
Remote Address Type
field in the
Edit VPN Rule
(or
Manual Key
) screen is
configured to
Range Address
.
A (static) IP address and a subnet mask are displayed when the
Remote Address Type
field in the
Edit VPN Rule
(or
Manual Key
) screen is configured to
Subnet Address
.
Encap.
This field displays
Tunnel
or
Transport
mode (
Tunnel
is the default selection).
IPSec
Algorithm
This field displays the security protocols used for an SA.
Both
AH
and
ESP
increase ZyWALL processing requirements and communications
latency (delay).
Secure
Gateway
Address
This is the static WAN IP address or URL of the remote IPSec router. This field displays
0.0.0.0
when you configure the
Secure Gateway Address
field in the
Edit VPN Rule
screen to
0.0.0.0.
Edit
Click
Edit
to edit the VPN policy.
Delete
Click
Delete
to remove the VPN policy.
14.6 Keep Alive
When you initiate an IPSec tunnel with keep alive enabled, the ZyWALL automatically renegotiates the
tunnel when the IPSec SA lifetime period expires (see
section 14.13
for more on the IPSec SA lifetime). In
effect, the IPSec tunnel becomes an “always on” connection after you initiate it. Both IPSec routers must
have a ZyWALL-compatible keep alive feature enabled in order for this feature to work.
If the ZyWALL has its maximum number of simultaneous IPSec tunnels connected to it and they all have
keep alive enabled, then no other tunnels can take a turn connecting to the ZyWALL because the ZyWALL
never drops the tunnels that are already connected. Your ZyWALL model can support 5 simultaneous IPSec
SAs.