Filter
Top Products
Chapter 6 Device Security Settings
Vantage CNM User’s Guide
130
The following table describes the labels in this screen.
Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) >
Gateway Policy Add/Edit
LABEL DESCRIPTION
Property
NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set
up a VPN connection when there are NAT routers between the two IPSec
routers.
Note: The remote IPSec router must also have NAT traversal
enabled.
You can use NAT traversal with ESP protocol using Transport or Tunnel
mode, but not with AH protocol nor with manual key management. In order for
an IPSec router behind a NAT router to receive an initiating IPSec packet, set
the NAT router to forward UDP port 500 to the IPSec router behind the NAT
router.
Name Type up to 32 characters to identify this VPN gateway policy. You may use
any character, including spaces, but the device drops trailing spaces.
Gateway Policy
Information
My ZyWALL Address
Type
This field specifies how the IP address of the device is specified.
IP Address: The device’s IP address is a static IP address.
Domain Name: The device’s IP address is the IP address mapped to a
specified domain name.
DDNS Domain Name: The device’s IP address is the IP address mapped to
a specified DDNS domain name.
The VPN tunnel has to be rebuilt if the device’s IP address changes after
setup.
My ZyWALL IP
Address
This field is enabled if My ZyWALL Address Type is IP Address.
Enter the device's static WAN IP address or leave the field set to 0.0.0.0. The
following applies if this field is configured as 0.0.0.0:
• When the WAN port operation mode is set to Active/Passive, the device
uses the IP address (static or dynamic) of the WAN port that is in use.
• When the WAN port operation mode is set to Active/Active, the device
uses the IP address (static or dynamic) of the primary (highest priority)
WAN port to set up the VPN tunnel as long as the corresponding WAN1 or
WAN2 connection is up. If the corresponding WAN1 or WAN2 connection
goes down, the device uses the IP address of the other WAN port.
• If both WAN connections go down, the device uses the dial backup IP
address for the VPN tunnel when using dial backup or the LAN IP address
when using traffic redirect. See the chapter on WAN for details on dial
backup and traffic redirect.
My ZyWALL Domain
Name
This field is enabled if My ZyWALL Address Type is IP Address.
Enter the domain name associated with the device in the VPN tunnel.
My DDNS Domain
Name
This field is enabled if My ZyWALL Address Type is IP Address.
Select the DDNS domain name associated with the device in the VPN tunnel.
Use the DDNS screens to configure these domain names.