ZyXEL 4-port Prestige 792H Router 91-004-342001 Manuel D’Utilisation
Codes de produits
91-004-342001
Prestige 792H G.SHDSL Router
14-32
VPN
Screens
14.17.2
Telecommuters Using Unique VPN Rules Example
In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are
mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
With aggressive negotiation mode (see section 14.10.1), the Prestige can use the ID types and contents to
distinguish between VPN rules. Telecommuters can each use a separate VPN rule to simultaneously access a
Prestige at headquarters. They can use different IPSec parameters. The local IP addresses (or ranges of
addresses) of the rules configured on the Prestige at headquarters can overlap. The local IP addresses of the
rules configured on the telecommuters’ IPSec routers should not overlap.
See the following table and figure for an example where three telecommuters each use a different VPN rule
for a VPN connection with a Prestige located at headquarters. The Prestige at headquarters (HQ in the figure)
identifies each incoming SA by its ID type and content and uses the appropriate VPN rule to establish the
VPN connection.
The Prestige at headquarters can also initiate VPN connections to the telecommuters since it can find the
telecommuters by resolving their domain names.
mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
With aggressive negotiation mode (see section 14.10.1), the Prestige can use the ID types and contents to
distinguish between VPN rules. Telecommuters can each use a separate VPN rule to simultaneously access a
Prestige at headquarters. They can use different IPSec parameters. The local IP addresses (or ranges of
addresses) of the rules configured on the Prestige at headquarters can overlap. The local IP addresses of the
rules configured on the telecommuters’ IPSec routers should not overlap.
See the following table and figure for an example where three telecommuters each use a different VPN rule
for a VPN connection with a Prestige located at headquarters. The Prestige at headquarters (HQ in the figure)
identifies each incoming SA by its ID type and content and uses the appropriate VPN rule to establish the
VPN connection.
The Prestige at headquarters can also initiate VPN connections to the telecommuters since it can find the
telecommuters by resolving their domain names.
Figure 14-11 Telecommuters Using Unique VPN Rules Example
Table 14-17 Telecommuters Using Unique VPN Rules Example
HEADQUARTERS TELECOMMUTERS
All Headquarters Rules:
All Telecommuter Rules:
My IP Address: bigcompanyhq.com
My IP Address 0.0.0.0
Local IP Address: 192.168.1.10
Secure Gateway Address: bigcompanyhq.com
Local ID Type: E-mail
Remote IP Address: 192.168.1.10