Chapter 14 IPSec VPN
See the following table and figure for an example where three telecommuters each use a different VPN rule for a VPN connection with a ZyWALL located at headquarters. The ZyWALL at headquarters (HQ in the figure) identifies each incoming SA by its ID type and content and uses the appropriate VPN rule to establish the VPN connection.
The ZyWALL at headquarters can also initiate VPN connections to the telecommuters since it can find the telecommuters by resolving their domain names.
Figure 217 Telecommuters Using Unique VPN Rules Example
Table 96 Telecommuters Using Unique VPN Rules Example
TELECOMMUTERS | HEADQUARTERS |
All Telecommuter Rules: | All Headquarters Rules: |
|
|
My ZyWALL 0.0.0.0 | My ZyWALL: bigcompanyhq.com |
|
|
Remote Gateway Address: bigcompanyhq.com | Local Network - Single IP Address: 192.168.1.10 |
|
|
Remote Network - Single IP Address: | Local ID Type: |
192.168.1.10 |
|
|
|
Peer ID Type: | Local ID Content: bob@bigcompanyhq.com |
|
|
Peer ID Content: bob@bigcompanyhq.com |
|
|
|
|
|
Telecommuter A (telecommutera.dydns.org) | Headquarters ZyWALL Rule 1: |
|
|
Local ID Type: IP | Peer ID Type: IP |
|
|
Local ID Content: 192.168.2.12 | Peer ID Content: 192.168.2.12 |
|
|
Local IP Address: 192.168.2.12 | Remote Gateway Address: |
| telecommutera.dydns.org |
|
|
| Remote Address 192.168.2.12 |
|
|
|
|
Telecommuter B (telecommuterb.dydns.org) | Headquarters ZyWALL Rule 2: |
|
|
Local ID Type: DNS | Peer ID Type: DNS |
|
|
Local ID Content: telecommuterb.com | Peer ID Content: telecommuterb.com |
|
|
Local IP Address: 192.168.3.2 | Remote Gateway Address: |
| telecommuterb.dydns.org |
|
|
| Remote Address 192.168.3.2 |
|
|
| 343 |
ZyWALL 2WG User’s Guide | |
|
|