ZyXEL Vantage CNM User Guide - Page 161
Device Operation > Device Configuration > Security > VPN > Global
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 161 highlights
Chapter 6 Device Security Settings Table 55 Device Operation > Device Configuration > Security > VPN > Global Setting (continued) LABEL DESCRIPTION Gateway Domain This field is applicable when you enter a domain name to identify Name Update Timer the device and/or the remote secure gateway. Enter the time period (between 2 and 60 minutes) to wait before the device updates the domain name and IP address mapping through a DNS server. The device rebuilds the VPN tunnel if it finds that the domain name is now using a different IP address (any users of the VPN tunnel will be temporarily disconnected). VPN rules skip applying to the overlap range of local and remote IP addresses Enter 0 to disable this feature. When you configure a VPN rule, the device checks to make sure that the IP addresses in the local and remote networks do not overlap. Select Turn Off box to disable the check if you need to configure a VPN policy with overlapping local and remote IP addresses. Adjust TCP Maximum Segment Size IPSec MSS Apply Reset Note: If a VPN policy's local and remote IP addresses overlap, you may not be able to access the device on your LAN because the device automatically triggers a VPN tunnel to the remote device with the same IP address. The TCP packets are larger after the device encrypts them for VPN. The device fragments packets that are larger than a connection's MTU (Maximum Transmit Unit). In most cases you should leave this set to Auto. The device automatically sets the Maximum Segment Size (MSS) of the TCP packets that are to be encrypted by VPN based on the encapsulation type. Select Off to not adjust the MSS for the encrypted TCP packets. If your network environment causes fragmentation issues that are affecting your throughput performance, you can manually set a smaller MSS for the TCP packets that are to be encrypted by VPN. Select User Define, and specify a size in the IPSec MSS field. This field is enabled if Adjust TCP Maximum Segment Size is User Define. Specify the Maximum Segment Size (MSS) for the TCP packets that are to be encrypted by VPN. Specify a size from 0~1460 bytes. 0 has the device use the auto setting. Click this to save your changes back to the device. Click this to begin configuring this screen afresh. Vantage CNM User's Guide 161