Chapter 23 IPSec VPN

Application Scenarios

The ZyWALL’s application scenarios make it easier to configure your VPN connection settings.

Table 111 IPSec VPN Application Scenarios

SITE-TO-SITE

SITE-TO-SITE WITH

REMOTE ACCESS

REMOTE ACCESS

DYNAMIC PEER

(SERVER ROLE)

(CLIENT ROLE)

 

 

 

 

 

Choose this if the

Choose this if the

Choose this to allow

Choose this to

remote IPSec router

remote IPSec router

incoming

connect to an IPSec

has a static IP

has a dynamic IP

connections from

server.

address or a domain

address.

IPSec VPN clients.

This ZyWALL is the

name.

 

 

You don’t specify the

The clients have

client (dial-in user).

 

This ZyWALL can

remote IPSec

dynamic IP

Client role ZyWALLs

initiate the VPN

router’s address, but

addresses and are

initiate IPSec VPN

tunnel.

you specify the

also known as dial-in

 

remote policy (the

users.

connections to a

The remote IPSec

server role ZyWALL.

addresses of the

 

router can also

You don’t specify the

 

devices behind the

This ZyWALL can

initiate the VPN

addresses of the

remote IPSec

have a dynamic IP

tunnel if this ZyWALL

client IPSec routers

router).

address.

has a static IP

 

or the remote policy.

address or a domain

This ZyWALL must

This creates a

The IPSec server

name.

have a static IP

doesn’t configure

dynamic IPSec VPN

 

address or a domain

 

this ZyWALL’s IP

 

rule that can let

 

name.

 

address or the

 

multiple clients

 

 

 

 

addresses of the

 

Only the remote

connect.

 

devices behind it.

 

IPSec router can

 

 

Only the clients can

 

 

initiate the VPN

Only this ZyWALL

 

initiate the VPN

 

tunnel.

 

can initiate the VPN

 

tunnel.

 

 

 

 

tunnel.

 

 

 

 

 

 

 

Finding Out More

• See Section 6.5.15 on page 102 for related information on these screens.

 

377

ZyWALL USG 50 User’s Guide