Chapter 13 VPN
P-79X Series User’s Guide
147
13.6.10 Pre-Shared Key
A pre-shared key (PSK) authenticates the communicating parties during the phase 1 IKE negotiation (see Section
13.6.5 on page 143 for more on IKE phases). It is called "pre-shared" because both parties must already have it
before they can set up the secure connection. Distribute it out of band and use a long random value: anyone who
knows the PSK can pose as a legitimate peer.
13.6.11 Diffie-Hellman (DH) Key Groups
Diffie-Hellman (DH) is a public-key protocol that lets two parties establish a shared secret over an
unsecured communications channel. IKE uses it during IKE SA setup to derive session keys. The 768-bit
(Group 1, DH1) and 1024-bit (Group 2, DH2) Diffie-Hellman groups are supported. Both are small by current
standards; of the two, use DH2 and keep the IKE SA lifetime short, since 1024-bit groups are considered within
reach of well-resourced attackers. On completion of the Diffie-Hellman exchange the two peers have a shared
secret, but nothing yet proves who the other party is: an attacker on the path could run a separate exchange
with each side. The IKE SA is therefore authenticated separately, using the pre-shared key.
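The following block is an added illustration of the two points above, not code from the P-79X firmware or the user's guide: a Diffie-Hellman exchange over IKE DH Group 2, a man-in-the-middle that succeeds when DH is used alone, and a PSK-keyed tag that makes the responder reject the relayed exchange. The 1024-bit prime is the RFC 2409 "Second Oakley Group" value transcribed here (the block checks its primality), the PSK is a constructed value, and the tag is a simplified stand-in for IKEv1's HASH_I/HASH_R, not the exact IKE construction.

```python
"""Diffie-Hellman key agreement as IKE phase 1 uses it, and why the result
still needs a pre-shared key. Added illustration, not P-79X firmware code;
auth_tag() is a simplified stand-in for IKEv1's HASH_I/HASH_R."""
import hashlib
import hmac
import secrets

# 1024-bit MODP prime and generator of IKE DH Group 2 (RFC 2409, "Second
# Oakley Group"), transcribed here; is_probable_prime() verifies the copy.
DH2_PRIME = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
DH2_GENERATOR = 2


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class Peer:
    """One IKE peer: a fresh private exponent x and the public value g^x mod p."""

    def __init__(self, p=DH2_PRIME, g=DH2_GENERATOR):
        self.p, self.g = p, g
        self.x = secrets.randbelow(p - 2) + 1          # 1 <= x <= p-2
        self.public = pow(g, self.x, p)

    def shared_secret(self, peer_public):
        """g^(xy) mod p; reject 0, 1 and p-1, which force a trivial secret."""
        if not 1 < peer_public < self.p - 1:
            raise ValueError("degenerate DH public value")
        return pow(peer_public, self.x, self.p)


def auth_tag(psk, pub_i, pub_r, secret, p=DH2_PRIME):
    """PSK-keyed MAC over both public values and the DH secret: whoever
    produced it knew the PSK *and* took part in this particular exchange."""
    n = (p.bit_length() + 7) // 8
    msg = b"".join(v.to_bytes(n, "big") for v in (pub_i, pub_r, secret))
    return hmac.new(psk, msg, hashlib.sha256).digest()


def honest_exchange(psk=b"constructed-psk"):
    """Initiator and responder talk directly. Returns (same_secret, tag_ok)."""
    i, r = Peer(), Peer()
    k_i, k_r = i.shared_secret(r.public), r.shared_secret(i.public)
    t = auth_tag(psk, i.public, r.public, k_i)              # sent by initiator
    tag_ok = hmac.compare_digest(t, auth_tag(psk, i.public, r.public, k_r))
    return k_i == k_r, tag_ok


def mitm_exchange(psk=b"constructed-psk"):
    """Mallory sits between the peers and substitutes her own public values.
    Returns (dh_alone_compromised, responder_accepts_relayed_tag)."""
    i, r = Peer(), Peer()
    m_i, m_r = Peer(), Peer()              # Mallory's halves; no PSK needed
    k_i = i.shared_secret(m_i.public)      # initiator thinks m_i is the responder
    k_r = r.shared_secret(m_r.public)      # responder thinks m_r is the initiator
    compromised = (k_i == m_i.shared_secret(i.public)
                   and k_r == m_r.shared_secret(r.public) and k_i != k_r)
    # Without the PSK Mallory can only relay the initiator's tag unchanged;
    # the responder recomputes it over the values *it* saw and rejects it.
    relayed = auth_tag(psk, i.public, m_i.public, k_i)
    accepted = hmac.compare_digest(relayed, auth_tag(psk, m_r.public, r.public, k_r))
    return compromised, accepted


if __name__ == "__main__":
    print("group 2 prime OK:", is_probable_prime(DH2_PRIME))
    print("direct exchange (same secret, tag ok):", honest_exchange())
    print("MITM (DH alone broken, PSK tag accepted):", mitm_exchange())
```

Run it directly to see the three results: the prime check passes, the direct exchange yields the same secret on both sides with a valid tag, and the man-in-the-middle ends up holding a key with each victim while the relayed tag is rejected. The degenerate-value check in shared_secret() matters in practice too: a peer that accepts 1 or p-1 as a public value can be forced into a predictable secret.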
13.6.12 Telecommuter VPN/IPSec Examples
The following examples show how multiple telecommuters can make VPN connections to a single P-79X at
headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The P-79X at headquarters
has a static public IP address.
13.6.12.1 Telecommuters Sharing One VPN Rule Example
See the following figure and table for an example configuration that allows multiple telecommuters
(A, B and C in the figure) to use one VPN rule to simultaneously access a P-79X at headquarters
(HQ in the figure). The telecommuters do not have domain names mapped to the WAN IP
addresses of their IPSec routers. The telecommuters must all use the same IPSec parameters, and their local IP
addresses (or ranges of addresses) must not overlap with each other or with the headquarters LAN, because the
P-79X selects the telecommuter's tunnel for return traffic by destination address.
Figure 86 Telecommuters Sharing One VPN Rule Example
[Figure: telecommuters A (LAN 192.168.2.12), B (LAN 192.168.3.2) and C (LAN 192.168.4.15) each connect across the Internet to HQ (LAN 192.168.1.10).]
Table 57 Telecommuters Sharing One VPN Rule Example
FIELDS                      TELECOMMUTERS                                    HEADQUARTERS
My IP Address:              0.0.0.0 (dynamic IP address assigned by the ISP)  Public static IP address
Secure Gateway IP Address:  Public static IP address                         0.0.0.0 (with this address only the telecommuter can initiate the IPSec tunnel)
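The shared-rule example above imposes two constraints that are easy to get wrong as the number of telecommuters grows: identical IPsec parameters on every site and non-overlapping local ranges. The following block is an added checker for those constraints, not part of the user's guide or the P-79X firmware. The site data is constructed from the figure (each telecommuter's local range is assumed to be the /24 around its LAN host, and the HQ LAN is assumed to be 192.168.1.0/24), and the parameter names dh_group, encryption and authentication are assumed labels, not the P-79X's field names.

```python
"""Validate a set of telecommuter sites against the one-rule constraints:
same IPsec parameters everywhere, disjoint local ranges, none overlapping
the HQ LAN. Added example; site data and parameter names are constructed."""
import ipaddress
from itertools import combinations

# Assumed: HQ LAN inferred from the figure's 192.168.1.10 host.
HQ_LAN = ipaddress.ip_network("192.168.1.0/24")

# Assumed parameter names; every telecommuter must match these exactly.
COMMON_PARAMS = {"dh_group": "DH2", "encryption": "3DES", "authentication": "SHA1"}


def site(local, **overrides):
    """Build one telecommuter entry; overrides deliberately break the rule."""
    return {"local": ipaddress.ip_network(local),
            "params": {**COMMON_PARAMS, **overrides}}


# Constructed sample: the three telecommuters of Figure 86 as /24 networks.
GOOD_SITES = {
    "A": site("192.168.2.0/24"),
    "B": site("192.168.3.0/24"),
    "C": site("192.168.4.0/24"),
}


def check_shared_rule(sites, hq_lan=HQ_LAN):
    """Return a list of problems; an empty list means one VPN rule will do."""
    problems = []
    ref_name, ref = next(iter(sites.items()))      # first site is the reference
    for name, s in sites.items():
        diff = {k: (ref["params"].get(k), v)
                for k, v in s["params"].items() if ref["params"].get(k) != v}
        if diff:
            problems.append(f"{name}: IPsec parameters differ from {ref_name}: {diff}")
        if s["local"].overlaps(hq_lan):
            problems.append(f"{name}: local range {s['local']} overlaps HQ LAN {hq_lan}")
    # Pairwise overlap: HQ could not tell which tunnel owns a return packet.
    for (n1, s1), (n2, s2) in combinations(sites.items(), 2):
        if s1["local"].overlaps(s2["local"]):
            problems.append(f"{n1} and {n2}: local ranges {s1['local']} "
                            f"and {s2['local']} overlap")
    return problems


if __name__ == "__main__":
    print("figure 86 sites:", check_shared_rule(GOOD_SITES) or "OK")
    clash = dict(GOOD_SITES, D=site("192.168.2.128/25"))       # inside A's range
    print("added site D:", check_shared_rule(clash))
    mixed = dict(GOOD_SITES, B=site("192.168.3.0/24", dh_group="DH1"))
    print("B on DH1:", check_shared_rule(mixed))
```

The overlap test uses ipaddress.ip_network.overlaps(), so a single-host telecommuter can be entered as a /32 and still be checked against the others' ranges. Run the block directly to see the three cases: the sites from the figure pass, a fourth site carved out of A's range is reported as a collision, and a site negotiating a different DH group is reported as a parameter mismatch.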