EasyManua.ls Logo

ZyXEL Communications USG310 - What You Can Do in this Chapter; What You Need to Know

ZyXEL Communications USG310
1090 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter 30 IPSec VPN
ZyWALL USG Series User’s Guide
607
L2TP VPN
L2TP VPN uses the L2TP and IPSec client software included in remote users’ Android, iOS, or Windows
operating systems for secure connections to the network behind the Zyxel Device. The remote users do
not need their own IPSec gateways or third-party VPN client software. For example, configure sales
representatives’ laptops, tablets, or smartphones to securely connect to the Zyxel Device’s network. See
Chapter 34 on page 669 for more on L2TP over IPSec.
Figure 428 L2TP VPN
30.1.1 What You Can Do in this Chapter
Use the VPN Connection screens (see Section 30.2 on page 610) to specify which IPSec VPN gateway
an IPSec VPN connection policy uses, which devices behind the IPSec routers can use the VPN tunnel,
and the IPSec SA settings (phase 2 settings). You can also activate or deactivate and connect or
disconnect each VPN connection (each IPSec SA).
Use the VPN Gateway screens (see Section 30.2.1 on page 612) to manage the Zyxel Device’s VPN
gateways. A VPN gateway specifies the IPSec routers at either end of a VPN tunnel and the IKE SA
settings (phase 1 settings). You can also activate and deactivate each VPN gateway.
Use the VPN Concentrator screens (see Section 30.4 on page 627) to combine several IPSec VPN
connections into a single secure network.
Use the Configuration Provisioning screen (see Section 30.5 on page 629) to set who can retrieve VPN
rule settings from the Zyxel Device using the Zyxel Device IPSec VPN Client.
30.1.2 What You Need to Know
An IPSec VPN tunnel is usually established in two phases. Each phase establishes a security association
(SA), a contract indicating what security parameters the Zyxel Device and the remote IPSec router will
use. The first phase establishes an Internet Key Exchange (IKE) SA between the Zyxel Device and remote
IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the Zyxel
Device and remote IPSec router can send data between computers on the local network and remote
network. This is illustrated in the following figure.

Table of Contents

Other manuals for ZyXEL Communications USG310

Preview: Handbook
Handbook749 pages
Preview: Initial Setup
Initial Setup9 pages
Preview: Handbook & Instructions
Handbook & Instructions255 pages
Preview: Quick Start Guide
Quick Start Guide8 pages
Preview: Specifications
Specifications8 pages

Related product manuals