EasyManua.ls Logo

ZyXEL Communications USG40 - Page 538

ZyXEL Communications USG40
994 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter 29 IPSec VPN
ZyWALL/USG Series User’s Guide
538
Application Scenarios
The ZyWALL/USG’s application scenarios make it easier to configure your VPN connection settings.
Finding Out More
•See Section 29.6 on page 560 for IPSec VPN background information.
Table 207 IPSec VPN Application Scenarios
SITE-TO-SITE
SITE-TO-SITE WITH
DYNAMIC PEER
REMOTE ACCESS
(SERVER ROLE)
REMOTE
ACCESS (CLIENT
ROLE)
VPN TUNNEL
INTERFACE
Choose this if the
remote IPSec router
has a static IP
address or a domain
name.
This ZyWALL/USG
can initiate the VPN
tunnel.
The remote IPSec
router can also
initiate the VPN
tunnel if this
ZyWALL/USG has a
static IP address or a
domain name.
Choose this if the
remote IPSec router
has a dynamic IP
address.
You don’t specify the
remote IPSec router’s
address, but you
specify the remote
policy (the addresses of
the devices behind the
remote IPSec router).
This ZyWALL/USG must
have a static IP address
or a domain name.
Only the remote IPSec
router can initiate the
VPN tunnel.
Choose this to allow
incoming connections
from IPSec VPN
clients.
The clients have
dynamic IP addresses
and are also known as
dial-in users.
You don’t specify the
addresses of the client
IPSec routers or the
remote policy.
This creates a dynamic
IPSec VPN rule that
can let multiple clients
connect.
Only the clients can
initiate the VPN tunnel.
Choose this to
connect to an
IPSec server.
This ZyWALL/USG
is the client (dial-
in user).
Client role
ZyWALL/USGs
initiate IPSec VPN
connections to a
server role
ZyWALL/USG.
This ZyWALL/USG
can have a
dynamic IP
address.
The IPSec server
doesn’t configure
this ZyWALL/
USG’s IP address
or the addresses
of the devices
behind it.
Only this ZyWALL/
USG can initiate
the VPN tunnel.
Choose this to
set up a VPN
tunnel
interface to
bind with a
VPN
connection.
The ZyWALL/
USG can use
the interface
to do load
balancing
using a
specific Trunk.
The remote
IPsec router
should have a
static IP
address or a
domain name.

Table of Contents

Related product manuals