ZyXEL Communications P-662H User Manual
P-662H/HW-D Series User’s Guide
Chapter 16 VPN Screens
243
16.6 Keep Alive
When you initiate an IPSec tunnel with keep alive enabled, the ZyXEL Device automatically
renegotiates the tunnel when the IPSec SA lifetime period expires (see
renegotiates the tunnel when the IPSec SA lifetime period expires (see
for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an “always on”
connection after you initiate it. Both IPSec routers must have a ZyXEL Device-compatible
keep alive feature enabled in order for this feature to work.
keep alive feature enabled in order for this feature to work.
If the ZyXEL Device has its maximum number of simultaneous IPSec tunnels connected to it
and they all have keep alive enabled, then no other tunnels can take a turn connecting to the
ZyXEL Device because the ZyXEL Device never drops the tunnels that are already connected.
and they all have keep alive enabled, then no other tunnels can take a turn connecting to the
ZyXEL Device because the ZyXEL Device never drops the tunnels that are already connected.
When there is outbound traffic with no inbound traffic, the ZyXEL Device automatically
drops the tunnel after two minutes.
drops the tunnel after two minutes.
Remote
Address
This is the IP address(es) of computer(s) on the remote network behind the remote
IPSec router.
This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In
This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In
this case only the remote IPSec router can initiate the VPN.
The same (static) IP address is displayed twice when the Remote Address Type
The same (static) IP address is displayed twice when the Remote Address Type
field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
The beginning and ending (static) IP addresses, in a range of computers are
The beginning and ending (static) IP addresses, in a range of computers are
displayed when the Remote Address Type field in the VPN-IKE (or VPN-Manual
Key) screen is configured to Range.
A (static) IP address and a subnet mask are displayed when the Remote Address
A (static) IP address and a subnet mask are displayed when the Remote Address
Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Subnet.
Encap.
This field displays Tunnel or Transport mode (Tunnel is the default selection).
IPSec Algorithm This field displays the security protocols used for an SA.
Both AH and ESP increase ZyXEL Device processing requirements and
communications latency (delay).
Secure Gateway
IP
This is the static WAN IP address or URL of the remote IPSec router. This field
displays 0.0.0.0 when you configure the Secure Gateway Address field in the VPN-
IKE screen to 0.0.0.0.
Modify
Click the edit icon to go to the screen where you can edit the VPN configuration.
Click the delete icon to remove an existing VPN configuration.
Click the delete icon to remove an existing VPN configuration.
Back
Click Back to return to the previous screen.
Table 88 VPN Setup
LABEL
DESCRIPTION