Chapter 14 IPSec VPN
Table 76 Telecommuters Using Unique VPN Rules Example

| TELECOMMUTERS | HEADQUARTERS |
|---|---|
| All Telecommuter Rules: | All Headquarters Rules: |
| My ZyWALL: 0.0.0.0 | My ZyWALL: bigcompanyhq.com |
| Remote Gateway Address: bigcompanyhq.com | Local Network - Single IP Address: 192.168.1.10 |
| Remote Network - Single IP Address: 192.168.1.10 | Local ID Type: |
| Peer ID Type: | Local ID Content: bob@bigcompanyhq.com |
| Peer ID Content: bob@bigcompanyhq.com | |
| Telecommuter A (telecommutera.dydns.org) | Headquarters ZyWALL Rule 1: |
| Local ID Type: IP | Peer ID Type: IP |
| Local ID Content: 192.168.2.12 | Peer ID Content: 192.168.2.12 |
| Local IP Address: 192.168.2.12 | Remote Gateway Address: telecommutera.dydns.org |
| | Remote Address: 192.168.2.12 |
| Telecommuter B (telecommuterb.dydns.org) | Headquarters ZyWALL Rule 2: |
| Local ID Type: DNS | Peer ID Type: DNS |
| Local ID Content: telecommuterb.com | Peer ID Content: telecommuterb.com |
| Local IP Address: 192.168.3.2 | Remote Gateway Address: telecommuterb.dydns.org |
| | Remote Address: 192.168.3.2 |
| Telecommuter C (telecommuterc.dydns.org) | Headquarters ZyWALL Rule 3: |
| Local ID Type: | Peer ID Type: |
| Local ID Content: myVPN@myplace.com | Peer ID Content: myVPN@myplace.com |
| Local IP Address: 192.168.4.15 | Remote Gateway Address: telecommuterc.dydns.org |
| | Remote Address: 192.168.4.15 |
14.16 VPN and Remote Management
You can allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the ZyWALL. One of the ZyWALL’s ports must be part of the VPN rule’s local network. This can be the ZyWALL’s LAN port if you do not want to allow remote management on the WAN port. You also have to configure remote management (REMOTE MGMT) to allow management access for the service through the specific port.
In the following example, the VPN rule’s local network (A) includes the ZyWALL’s LAN IP address of 192.168.1.7. Someone in the remote network (B) can use a service (HTTP, for example) through the VPN tunnel to access the ZyWALL’s LAN interface. Remote management must also be configured to allow HTTP access on the ZyWALL’s LAN interface.
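Added example, not part of the ZyWALL guide: a Python consistency check for the telecommuter and headquarters rule pairs of Table 76 and for the local-network requirement of section 14.16. The VpnRule class and the sample rules are constructed from the table's field names and values; the E-mail ID type is an assumption for the cells the table leaves blank, and a deliberately misconfigured copy of rule 1 is added to show a detected mismatch.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class VpnRule:                 # field names follow Table 76
    my_zywall: str             # this gateway's address, "0.0.0.0" when dynamic
    remote_gateway: str        # peer gateway address or DNS name
    local_network: str         # network behind this gateway (single IP or CIDR)
    remote_network: str        # network behind the peer
    local_id_type: str         # IP, DNS or E-mail
    local_id: str
    peer_id_type: str
    peer_id: str

def check_pair(tc: VpnRule, hq: VpnRule) -> list:
    """Mismatches that stop a telecommuter rule and its headquarters rule forming one tunnel."""
    problems = []
    # Identity must cross-match: one side's Local ID is the other side's Peer ID.
    if (tc.local_id_type, tc.local_id) != (hq.peer_id_type, hq.peer_id):
        problems.append("telecommuter Local ID != headquarters Peer ID")
    if (hq.local_id_type, hq.local_id) != (tc.peer_id_type, tc.peer_id):
        problems.append("headquarters Local ID != telecommuter Peer ID")
    # Each side's remote network must be the other side's local network.
    if tc.remote_network != hq.local_network:
        problems.append("telecommuter Remote Network != headquarters Local Network")
    if hq.remote_network != tc.local_network:
        problems.append("headquarters Remote Address != telecommuter Local IP Address")
    # The telecommuter must dial the address headquarters answers on.
    if tc.remote_gateway != hq.my_zywall:
        problems.append("telecommuter Remote Gateway Address != headquarters My ZyWALL")
    return problems

def unique_peer_ids(hq_rules) -> bool:
    """Headquarters can only map a telecommuter to its own rule if every Peer ID is distinct."""
    ids = [(r.peer_id_type, r.peer_id) for r in hq_rules]
    return len(ids) == len(set(ids))

def remote_mgmt_reachable(rule: VpnRule, lan_ip: str) -> bool:
    """Section 14.16: the ZyWALL's LAN IP must lie inside the rule's local network."""
    return ipaddress.ip_address(lan_ip) in ipaddress.ip_network(rule.local_network, strict=False)

# Constructed from Table 76 (telecommuter A and headquarters rule 1); E-mail ID type assumed.
HQ_ID = ("E-mail", "bob@bigcompanyhq.com")
TELECOMMUTER_A = VpnRule("0.0.0.0", "bigcompanyhq.com", "192.168.2.12", "192.168.1.10",
                         "IP", "192.168.2.12", *HQ_ID)
HQ_RULE_1 = VpnRule("bigcompanyhq.com", "telecommutera.dydns.org", "192.168.1.10",
                    "192.168.2.12", *HQ_ID, "IP", "192.168.2.12")
# Misconfigured copy of rule 1: it expects a DNS identity, but telecommuter A sends an IP one.
HQ_RULE_1_BAD = VpnRule("bigcompanyhq.com", "telecommutera.dydns.org", "192.168.1.10",
                        "192.168.2.12", *HQ_ID, "DNS", "telecommutera.dydns.org")
```

With the table's single-IP local network of 192.168.1.10, remote_mgmt_reachable shows that a ZyWALL whose LAN IP is 192.168.1.7 would not be manageable through that rule until the local network is widened to include it.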
ZyWALL 2 Plus User’s Guide, page 291