ZyXEL Communications P-334W User Manual

Prestige 334W User’s Guide 
VPN Screens 
 
 Use ESP security protocol (in either transport or tunnel mode). 
 Use IKE keying mode. 
 Enable NAT traversal on both IPSec endpoints. 
In order for IPSec router A (see the figure) to receive an initiating IPSec packet from IPSec router B, set the 
NAT router to forward UDP port 500 to IPSec router A. 
16.7.2 Remote DNS Server 
In cases where you want to use domain names to access Intranet servers on a remote network that has a 
DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or from the ISP 
since these DNS servers cannot resolve domain names to private IP addresses on the remote network.
The following figure depicts an example where three VPN tunnels are created from Prestige A: one to
branch office 2, one to branch office 3 and another to headquarters. In order to access computers that use 
private domain names on the headquarters (HQ) network, the Prestige at branch office 1 uses the Intranet 
DNS server in headquarters. The DNS server feature for VPN does not work with Windows 2000 or 
Windows XP. 
 
Figure 16-4 VPN Host using Intranet DNS Server Example