EasyManua.ls Logo

ZyXEL Communications P-792H v3 - Telecommuters Using Unique Vpn Rules Example

ZyXEL Communications P-792H v3
297 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter 13 VPN
P-79X Series User’s Guide
148
13.6.12.2 Telecommuters Using Unique VPN Rules Example
In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names
that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
With aggressive negotiation mode (see Section 13.6.6 on page 144), the P-79X can use the ID
types and contents to distinguish between VPN rules. Telecommuters can each use a separate VPN
rule to simultaneously access a P-79X at headquarters. They can use different IPSec parameters.
The local IP addresses (or ranges of addresses) of the rules configured on the P-79X at
headquarters can overlap. The local IP addresses of the rules configured on the telecommuters’
IPSec routers should not overlap.
See the following table and figure for an example where three telecommuters each use a different
VPN rule for a VPN connection with a P-79X located at headquarters. The P-79X at headquarters
(HQ in the figure) identifies each incoming SA by its ID type and content and uses the appropriate
VPN rule to establish the VPN connection.
The P-79X at headquarters can also initiate VPN connections to the telecommuters since it can find
the telecommuters by resolving their domain names.
Figure 87 Telecommuters Using Unique VPN Rules Example
Local IP Address: Telecommuter A: 192.168.2.12
Telecommuter B: 192.168.3.2
Telecommuter C: 192.168.4.15
192.168.1.10
Remote IP
Address:
192.168.1.10 0.0.0.0 (N/A)
Table 57 Telecommuters Sharing One VPN Rule Example
FIELDS TELECOMMUTERS HEADQUARTERS
Table 58 Telecommuters Using Unique VPN Rules Example
TELECOMMUTERS HEADQUARTERS
All Telecommuter Rules: All Headquarters Rules:
My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com
Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10
Remote IP Address: 192.168.1.10 Local ID Type: E-mail
Peer ID Type: E-mail Local ID Content: bob@bigcompanyhq.com
Peer ID Content: bob@bigcompanyhq.com
LAN
192.168.2.12
LAN
192.168.3.2
LAN
192.168.4.15
A
B
C
LAN
192.168.1.10
HQ
Internet

Table of Contents

Other manuals for ZyXEL Communications P-792H v3

Preview: Quick Start Guide
Quick Start Guide2 pages

Related product manuals