Chapter 14 IPSec VPN

 

Table 74 SECURITY > VPN > Global Setting (continued)

 

| LABEL | DESCRIPTION |
|---|---|
| Local and Remote IP Address Conflict Resolution | Select The Local Network to send packets destined for overlapping local and remote IP addresses to the local network (you can access the local devices but not the remote devices). Select The Remote Network (via VPN Tunnel) to send packets destined for overlapping local and remote IP addresses to the remote network (you can access the remote devices but not the local devices). If the remote IPSec router also supports NAT over IPSec, it is recommended that you use NAT over IPSec (see Section 14.6.2 on page 271) if the local and remote IP addresses overlap. If a VPN rule’s local and remote network settings are both set to 0.0.0.0 (any), no traffic goes through the VPN tunnel if you select The Local Network. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to begin configuring this screen afresh. |

 

 

 

14.15 Telecommuter VPN/IPSec Examples

The following examples show how multiple telecommuters can make VPN connections to a single ZyWALL at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The ZyWALL at headquarters has a static public IP address.

14.15.1 Telecommuters Sharing One VPN Rule Example

See the following figure and table for an example configuration that allows multiple telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a ZyWALL at headquarters (HQ in the figure). The telecommuters do not have domain names mapped to the WAN IP addresses of their IPSec routers. The telecommuters must all use the same IPSec parameters but the local IP addresses (or ranges of addresses) should not overlap.

Figure 190 Telecommuters Sharing One VPN Rule Example
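The non-overlap requirement for the telecommuters' local addresses, and the local/remote overlap that the Address Conflict Resolution field deals with, can both be checked before a shared rule is deployed. The following Python is an added example, not part of the ZyWALL guide or firmware; the site names and addresses are constructed sample values, and `to_networks` and `find_overlaps` are hypothetical helper names.

```python
import ipaddress
from itertools import combinations


def to_networks(spec):
    """Parse a single address, a CIDR subnet, or a 'start-end' range
    into a list of ipaddress network objects covering exactly that span."""
    spec = spec.strip()
    if "-" in spec:
        start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if start > end:
            raise ValueError(f"range start is after range end: {spec}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=False lets a bare host address become a /32 network
    return [ipaddress.ip_network(spec, strict=False)]


def find_overlaps(sites):
    """Return sorted (name_a, name_b) pairs whose address specs share
    at least one IP address."""
    parsed = {name: to_networks(spec) for name, spec in sites.items()}
    clashes = []
    for (a, nets_a), (b, nets_b) in combinations(parsed.items(), 2):
        if any(x.overlaps(y) for x in nets_a for y in nets_b):
            clashes.append(tuple(sorted((a, b))))
    return sorted(clashes)


# Constructed sample values (assumptions, not taken from the guide):
# HQ's local network plus the local address or range behind each
# telecommuter's IPSec router.
SITES = {
    "HQ": "192.168.1.0/24",
    "A": "192.168.2.12",
    "B": "192.168.3.2-192.168.3.40",
    "C": "192.168.3.33",  # falls inside B's range, so B and C clash
}

if __name__ == "__main__":
    for a, b in find_overlaps(SITES):
        print(f"overlap: {a} <-> {b}")
```

Any pair reported here would have to be renumbered, or handled with NAT over IPSec where both routers support it, before the sites share one rule.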

 


ZyWALL 2 Plus User’s Guide