Chapter 11 IPSec VPN
USG FLEX H Series User’s Guide
166
IPSec VPN Example Scenario
Here is an example site-to-site IPSec VPN scenario.
Figure 118 Site-to-site IPSec VPN Example
11.2.1 What You Can Do in this Chapter
• Use the Site to Site VPN screen (see Section 11.3 on page 167) to view a summary of the VPN rules.
• Use the Site to Site VPN Add/Edit screens (see Section 11.3.2 on page 174 and Section 11.3.2 on page
174) to create a VPN rule using the wizard or create a customized VPN rule with advanced settings.
• Use the Remote Access VPN screen (see Section 11.4 on page 178) to create a remote access VPN
rule.
11.2.2 What You Need to Know
An IPSec VPN tunnel is usually established in two phases. Each phase establishes a security association
(SA), a contract indicating what security parameters the Zyxel Device and the remote IPSec router will
use. The first phase establishes an Internet Key Exchange (IKE) SA between the Zyxel Device and remote
IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the Zyxel
Device and remote IPSec router can send data between computers on the local network and remote
network. This is illustrated in the following figure.
Figure 119 VPN: IKE SA and IPSec SA
In this example, a computer in network A is exchanging data with a computer in network B. Inside
networks A and B, the data is transmitted the same way data is normally transmitted in the networks.
Between routers X and Y, the data is protected by tunneling, encryption, authentication, and other
To Next Page
Loading...
