ZyXEL Communications ISG50 User Manual
Chapter 24 IPSec VPN
ISG50 User’s Guide
371
Each field is discussed in the following table. See
for more information.
24.2.1 The VPN Connection Add/Edit (IKE) Screen
The VPN Connection Add/Edit Gateway screen allows you to create a new VPN connection
policy or edit an existing one. To access this screen, go to the Configuration > VPN Connection
screen (see
policy or edit an existing one. To access this screen, go to the Configuration > VPN Connection
screen (see
), and click either the Add icon or an Edit icon. If you click
Table 122
Configuration > VPN > IPSec VPN > VPN Connection
LABEL
DESCRIPTION
Use Policy
Route to control
dynamic IPSec
rules
Route to control
dynamic IPSec
rules
Select this to be able to use policy routes to manually specify the destination
addresses of dynamic IPSec rules. You must manually create these policy routes.
The ISG50 automatically obtains source and destination addresses for dynamic
IPSec rules that do not match any of the policy routes.
addresses of dynamic IPSec rules. You must manually create these policy routes.
The ISG50 automatically obtains source and destination addresses for dynamic
IPSec rules that do not match any of the policy routes.
Clear this to have the ISG50 automatically obtain source and destination addresses
for all dynamic IPSec rules.
for all dynamic IPSec rules.
See
for how this option affects the routing table.
Ignore ""Don't
Fragment""
setting in
packet header
Fragment""
setting in
packet header
Select this to fragment packets larger than the MTU (Maximum Transmission Unit)
that have the “don’t” fragment” bit in the IP header turned on. When you clear this
the ISG50 drops packets larger than the MTU that have the “don’t” fragment” bit in
the header turned on.
that have the “don’t” fragment” bit in the IP header turned on. When you clear this
the ISG50 drops packets larger than the MTU that have the “don’t” fragment” bit in
the header turned on.
Add
Click this to create a new entry.
Edit
Double-click an entry or select it and click Edit to open a screen where you can
modify the entry’s settings.
modify the entry’s settings.
Remove
To remove an entry, select it and click Remove. The ISG50 confirms you want to
remove it before doing so.
remove it before doing so.
Activate
To turn on an entry, select it and click Activate.
Inactivate
To turn off an entry, select it and click Inactivate.
Connect
To connect an IPSec SA, select it and click Connect.
Disconnect
To disconnect an IPSec SA, select it and click Disconnect.
Object
References
References
Select an entry and click Object References to open a screen that shows which
settings use the entry. See
settings use the entry. See
for an example.
#
This field is a sequential value, and it is not associated with a specific connection.
Status
The activate (light bulb) icon is lit when the entry is active and dimmed when the
entry is inactive.
entry is inactive.
The connect icon is lit when the interface is connected and dimmed when it is
disconnected.
disconnected.
Name
This field displays the name of the IPSec SA.
VPN Gateway
This field displays the associated VPN gateway(s). If there is no VPN gateway, this
field displays “manual key”.
field displays “manual key”.
Encapsulation
This field displays what encapsulation the IPSec SA uses.
Algorithm
This field displays what encryption and authentication methods, respectively, the
IPSec SA uses.
IPSec SA uses.
Policy
This field displays the local policy and the remote policy, respectively.
Apply
Click Apply to save your changes back to the ISG50.
Reset
Click Reset to return the screen to its last-saved settings.