Chapter 25 IPSec VPN

Application Scenarios

The ZyWALL’s application scenarios make it easier to configure your VPN connection settings.

Table 116 IPSec VPN Application Scenarios

SITE-TO-SITE

SITE-TO-SITE WITH

REMOTE ACCESS

REMOTE ACCESS

DYNAMIC PEER

(SERVER ROLE)

(CLIENT ROLE)

 

 

 

 

 

Choose this if the

Choose this if the

Choose this to allow

Choose this to

remote IPSec router

remote IPSec router

incoming

connect to an IPSec

has a static IP

has a dynamic IP

connections from

server.

address or a domain

address.

IPSec VPN clients.

This ZyWALL is the

name.

You don’t specify the

The clients have

This ZyWALL can

client (dial-in user).

remote IPSec

dynamic IP

Client role ZyWALLs

initiate the VPN

router’s address, but

addresses and are

tunnel.

you specify the

also known as dial-in

initiate IPSec VPN

The remote IPSec

remote policy (the

users.

connections to a

addresses of the

 

server role ZyWALL.

router can also

devices behind the

You don’t specify the

This ZyWALL can

initiate the VPN

remote IPSec

addresses of the

tunnel if this ZyWALL

router).

client IPSec routers

have a dynamic IP

has a static IP

 

or the remote policy.

address.

address or a domain

This ZyWALL must

This creates a

The IPSec server

name.

have a static IP

 

address or a domain

dynamic IPSec VPN

doesn’t configure

 

name.

rule that can let

this ZyWALL’s IP

 

 

multiple clients

address or the

 

Only the remote

connect.

addresses of the

 

IPSec router can

Only the clients can

devices behind it.

 

initiate the VPN

Only this ZyWALL

 

tunnel.

initiate the VPN

 

 

tunnel.

can initiate the VPN

 

 

 

tunnel.

Finding Out More

• See Section 6.5.15 on page 110 for related information on these screens.

 

443

ZyWALL USG 2000 User’s Guide