Filter
Top Products
Chapter 6 Device Security Settings
Vantage CNM User’s Guide
143
The following table describes the labels in this screen.
Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual)
> Add/Edit
LABEL DESCRIPTION
Property
Active Select this check box to activate this VPN policy.
Name Type up to 32 characters to identify this VPN policy. You may use any
character, including spaces, but the Vantage CNM drops trailing
spaces.
Allow NetBIOS Traffic
Through IPSec Tunnel
NetBIOS (Network Basic Input/Output System) are TCP or UDP
packets that enable a computer to find other computers. It may
sometimes be necessary to allow NetBIOS packets to pass through
VPN tunnels in order to allow local computers to find computers on the
remote network and vice versa.
Select this check box to send NetBIOS packets through the VPN
connection.
Local / Remote Network Local / Remote IP addresses must be static and correspond to the
remote IPSec router's configured remote IP addresses.
Two active SAs cannot have the local and remote IP address(es) both
the same. Two active SAs can have the same local or remote IP
address, but not both. You can configure multiple SAs between the
same local and remote IP addresses, as long as only one is active at
any time.
Starting Address When the Address Type field is configured to Single, enter a (static)
IP address on the LAN behind the device. When the Address Type
field is configured to Range, enter the beginning (static) IP address, in
a range of computers on the LAN behind the device. When the
Address Type field is configured to Subnet, this is a (static) IP
address on the LAN behind the device.
Ending Address/Subnet Mask When the Address Type field is configured to Single, this field is N/A.
When the Address Type field is configured to Range, enter the end
(static) IP address, in a range of computers on the LAN behind the
device. When the Address Type field is configured to Subnet, this is a
subnet mask on the LAN behind the device.
Gateway Policy Information
My ZyWALL This is the IP address of the local and remote computer(s) of the VPN
tunnel.
Remote Gateway Address Type the IP address of the computer with which you will make the VPN
connection or leave the field blank to have the device automatically
use the address in the Secure Gateway field.
Manual Proposal
SPI Type a number (base 10) from 1 to 999999 for the Security Parameter
Index.
Encapsulation Mode Select Tunnel mode or Transport mode from the drop-down list box.
Active Protocol Select ESP if you want to use ESP (Encapsulation Security Payload).
The ESP protocol (RFC 2406) provides encryption as well as some of
the services offered by AH. If you select ESP here, you must select
options from the Encryption Algorithm and Authentication
Algorithm fields.
Select AH if you want to use AH (Authentication Header Protocol). The
AH protocol (RFC 2402) was designed for integrity, authentication,
sequence integrity (replay resistance), and non-repudiation but not for
confidentiality, for which the ESP was designed. If you select AH here,
you must select options from the Authentication Algorithm field.