ZyXEL Communications USG 2000 User Manual

Chapter 25 IPSec VPN

ZyWALL USG 2000 User’s Guide

445

SA). Click a column’s heading cell to sort the table entries by that column’s
criteria. Click the heading cell again to reverse the sort order.

Figure 328 Configuration > VPN > IPSec VPN > VPN Connection

Each field is discussed in the following table. See

Section 25.2.2 on page 453

and

Section 25.2.1 on page 446

for more information.

Table 117 Configuration > VPN > IPSec VPN > VPN Connection

LABEL

DESCRIPTION

Use Policy
Route to
control
dynamic
IPSec rules

Select this to be able to use policy routes to manually specify the
destination addresses of dynamic IPSec rules. You must manually create
these policy routes. The ZyWALL automatically obtains source and
destination addresses for dynamic IPSec rules that do not match any of
the policy routes.

Clear this to have the ZyWALL automatically obtain source and
destination addresses for all dynamic IPSec rules.

See

Section 6.4.2 on page 101

for how this option affects the routing

table.

Ignore
""Don't
Fragment""
setting in
packet header

Select this to fragment packets larger than the MTU (Maximum
Transmission Unit) that have the “don’t” fragment” bit in the IP header
turned on. When you clear this the ZyWALL drops packets larger than the
MTU that have the “don’t” fragment” bit in the header turned on.

Add

Click this to create a new entry.

Edit

Double-click an entry or select it and click Edit to open a screen where
you can modify the entry’s settings.

Remove

To remove an entry, select it and click Remove. The ZyWALL confirms
you want to remove it before doing so.

Activate

To turn on an entry, select it and click Activate.

Inactivate

To turn off an entry, select it and click Inactivate.

Connect

To connect an IPSec SA, select it and click Connect.