ZyXEL Communications P-334 User Manual

Prestige 334 User’s Guide
Chapter 15 VPN Screens
Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key 
is compromised, all of the VPN connections using that VPN rule are at risk. A recommended 
alternative is to use a different VPN rule for each telecommuter and identify them by unique 
IDs (see ).
Figure 70   Telecommuters Sharing One VPN Rule Example
15.17.2  Telecommuters Using Unique VPN Rules Example
With aggressive negotiation mode (see section Negotiation Mode), the Prestige can use the ID 
types and contents to distinguish between VPN rules. Telecommuters can each use a separate 
VPN rule to simultaneously access a Prestige at headquarters. They can use different IPSec 
parameters (including the pre-shared key) and the local IP addresses (or ranges of addresses) 
can overlap.
Table 56   Telecommuter and Headquarters Configuration Example

                          | TELECOMMUTER                                      | HEADQUARTERS
My IP Address             | 0.0.0.0 (dynamic IP address assigned by the ISP)  | Public static IP address
Secure Gateway IP Address | Public static IP address or domain name.          | 0.0.0.0 (with this IP address, only the telecommuter can initiate the IPSec tunnel)
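
The following is an added example, not taken from the User's Guide or the Prestige firmware: a simplified Python model of a headquarters gateway choosing a VPN rule from the ID a telecommuter presents, plus a check for rules that still share a pre-shared key. The rule names, ID values, keys and address ranges are constructed, and the ID type names ("IP", "DNS", "E-mail") are assumed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnRule:
    name: str             # hypothetical rule label
    peer_id_type: str     # assumed ID types: "IP", "DNS" or "E-mail"
    peer_id_content: str
    pre_shared_key: str
    peer_local_range: str  # telecommuter's local addresses; may overlap

# Constructed sample rules; rule C reuses rule A's key on purpose.
RULES = [
    VpnRule("A", "DNS", "a.example.com", "key-1-constructed", "192.168.2.0/24"),
    VpnRule("B", "E-mail", "b@example.com", "key-2-constructed", "192.168.2.0/24"),
    VpnRule("C", "DNS", "c.example.com", "key-1-constructed", "192.168.3.0/24"),
]

def select_rule(rules, id_type, id_content):
    """Pick the rule for a peer from the ID it presents, not its IP address.

    Returns None when no rule, or more than one rule, matches the ID.
    """
    matches = [r for r in rules
               if (r.peer_id_type, r.peer_id_content) == (id_type, id_content)]
    return matches[0] if len(matches) == 1 else None

def exposed_if_key_leaks(rules, rule_name):
    """Names of every rule that shares the named rule's pre-shared key."""
    key = next(r.pre_shared_key for r in rules if r.name == rule_name)
    return sorted(r.name for r in rules if r.pre_shared_key == key)

def audit(rules):
    """Flag reused keys and duplicate IDs; keys themselves are never output."""
    by_key, by_id = defaultdict(list), defaultdict(list)
    for r in rules:
        by_key[r.pre_shared_key].append(r.name)
        by_id[(r.peer_id_type, r.peer_id_content)].append(r.name)
    findings = [("shared-key", tuple(n)) for n in by_key.values() if len(n) > 1]
    findings += [("duplicate-id", tuple(n)) for n in by_id.values() if len(n) > 1]
    return findings

if __name__ == "__main__":
    print(select_rule(RULES, "E-mail", "b@example.com").name)
    print(exposed_if_key_leaks(RULES, "A"))
    print(audit(RULES))
```

Rules A and B resolve to different rules even though their local ranges are identical, while the audit reports that A and C would both be exposed by one leaked key.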