Chapter 19 IPSec VPN
ZyWALL 5/35/70 Series User’s Guide
383
19.11.1 Telecommuters Sharing One VPN Rule Example
See the following figure and table for an example configuration that allows multiple
telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a
ZyWALL at headquarters (HQ in the figure). The telecommuters do not have domain names
mapped to the WAN IP addresses of their IPSec routers. The telecommuters must all use the
same IPSec parameters but the local IP addresses (or ranges of addresses) should not overlap.
Figure 220 Telecommuters Sharing One VPN Rule Example
19.11.2 Telecommuters Using Unique VPN Rules Example
In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain
names that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
With aggressive negotiation mode (see Negotiation Mode on page 391), the ZyWALL can use
the ID types and contents to distinguish between VPN rules. Telecommuters can each use a
separate VPN rule to simultaneously access a ZyWALL at headquarters. They can use
different IPSec parameters. The local IP addresses (or ranges of addresses) of the rules
configured on the ZyWALL at headquarters can overlap. The local IP addresses of the rules
configured on the telecommuters’ IPSec routers should not overlap.
Table 109 Telecommuters Sharing One VPN Rule Example
FIELDS TELECOMMUTERS HEADQUARTERS
My ZyWALL: 0.0.0.0 (dynamic IP address
assigned by the ISP)
Public static IP address
Remote Gateway
Address:
Public static IP address 0.0.0.0 With this setting only the
telecommuter can initiate the IPSec
tunnel.
Local Network - Single
IP Address:
Telecommuter A: 192.168.2.12
Telecommuter B: 192.168.3.2
Telecommuter C: 192.168.4.15
192.168.1.10
Remote Network -
Single IP Address:
192.168.1.10 Not Applicable
To Next Page
Loading...
