ZyXEL Prestige 792H SDSL Router 91-004-342004B Manual Do Utilizador
Códigos do produto
91-004-342004B
Prestige 792H G.SHDSL Router
VPN Screens
14-5
Table 14-2 VPN Summary
LABEL
DESCRIPTION
IPSec Algorithm This field displays the security protocols used for an SA.
Both AH and ESP increase Prestige processing requirements and communications latency
(delay).
(delay).
Secure Gateway
IP
IP
This is the IP address of the remote IPSec router. This must be a fixed, public IP address
for traffic going through the Internet.
for traffic going through the Internet.
Back
Click Back to return to the previous screen.
14.6 Keep Alive
When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel
when the IPSec SA lifetime period expires (see section 14.10 for more on the IPSec SA lifetime). In effect,
the IPSec tunnel becomes an “always on” connection after you initiate it. Both IPSec routers must have a
Prestige-compatible keep alive feature enabled in order for this feature to work.
If the Prestige has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep
alive enabled, then no other tunnels can take a turn connecting to the Prestige because the Prestige never
drops the tunnels that are already connected. Check Table 1-1 Model Specific Features in chapter 1 to see
how many simultaneous IPSec SAs your Prestige model can support.
when the IPSec SA lifetime period expires (see section 14.10 for more on the IPSec SA lifetime). In effect,
the IPSec tunnel becomes an “always on” connection after you initiate it. Both IPSec routers must have a
Prestige-compatible keep alive feature enabled in order for this feature to work.
If the Prestige has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep
alive enabled, then no other tunnels can take a turn connecting to the Prestige because the Prestige never
drops the tunnels that are already connected. Check Table 1-1 Model Specific Features in chapter 1 to see
how many simultaneous IPSec SAs your Prestige model can support.
When there is outbound traffic with no inbound traffic, the Prestige automatically
drops the tunnel after two minutes.
14.7 ID Type and Content
Regardless of the ID type and content configuration, the Prestige does not allow
you to save multiple active rules with overlapping local and remote IP addresses.
With aggressive negotiation mode (see section 14.10.1), the Prestige identifies incoming SAs by ID type and
content since this identifying information is not encrypted. This enables the Prestige to distinguish between
multiple rules for SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
Telecommuters can use separate passwords to simultaneously connect to the Prestige from IPSec routers with
dynamic IP addresses (see section 14.17.2 for a telecommuter configuration example).