User's Manual
Chapter 24 IPSec VPN
ISG50 User’s Guide
371
Each field is discussed in the following table. See Section 24.2.2 on page 377 and Section 24.2.1 on
page 371 for more information.
Table 122 Configuration > VPN > IPSec VPN > VPN Connection

| LABEL | DESCRIPTION |
|---|---|
| Use Policy Route to control dynamic IPSec rules | Select this to be able to use policy routes to manually specify the destination addresses of dynamic IPSec rules. You must manually create these policy routes. The ISG50 automatically obtains source and destination addresses for dynamic IPSec rules that do not match any of the policy routes. Clear this to have the ISG50 automatically obtain source and destination addresses for all dynamic IPSec rules. See Section 6.5.1 on page 95 for how this option affects the routing table. |
| Ignore "Don't Fragment" setting in packet header | Select this to fragment packets larger than the MTU (Maximum Transmission Unit) that have the “don’t fragment” bit in the IP header turned on. When you clear this, the ISG50 drops packets larger than the MTU that have the “don’t fragment” bit in the header turned on. |
| Add | Click this to create a new entry. |
| Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. |
| Remove | To remove an entry, select it and click Remove. The ISG50 confirms you want to remove it before doing so. |
| Activate | To turn on an entry, select it and click Activate. |
| Inactivate | To turn off an entry, select it and click Inactivate. |
| Connect | To connect an IPSec SA, select it and click Connect. |
| Disconnect | To disconnect an IPSec SA, select it and click Disconnect. |
| Object References | Select an entry and click Object References to open a screen that shows which settings use the entry. See Section 12.3.2 on page 246 for an example. |
| # | This field is a sequential value, and it is not associated with a specific connection. |
| Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. The connect icon is lit when the interface is connected and dimmed when it is disconnected. |
| Name | This field displays the name of the IPSec SA. |
| VPN Gateway | This field displays the associated VPN gateway(s). If there is no VPN gateway, this field displays “manual key”. |
| Encapsulation | This field displays what encapsulation the IPSec SA uses. |
| Algorithm | This field displays what encryption and authentication methods, respectively, the IPSec SA uses. |
| Policy | This field displays the local policy and the remote policy, respectively. |
| Apply | Click Apply to save your changes back to the ISG50. |
| Reset | Click Reset to return the screen to its last-saved settings. |

24.2.1 The VPN Connection Add/Edit (IKE) Screen
The VPN Connection Add/Edit Gateway screen allows you to create a new VPN connection
policy or edit an existing one. To access this screen, go to the Configuration > VPN Connection
screen (see Section 24.2 on page 370), and click either the Add icon or an Edit icon. If you click