ZyXEL Communications 1000 Manual Do Utilizador
Chapter 25 IPSec VPN
ZyWALL USG 1000 User’s Guide
443
Application Scenarios
The ZyWALL’s application scenarios make it easier to configure your VPN
connection settings.
connection settings.
Finding Out More
• See
for related information on these screens.
Table 116 IPSec VPN Application Scenarios
SITE-TO-SITE
SITE-TO-SITE WITH
DYNAMIC PEER
DYNAMIC PEER
REMOTE ACCESS
(SERVER ROLE)
(SERVER ROLE)
REMOTE ACCESS
(CLIENT ROLE)
(CLIENT ROLE)
Choose this if the
remote IPSec router
has a static IP
address or a domain
name.
remote IPSec router
has a static IP
address or a domain
name.
This ZyWALL can
initiate the VPN
tunnel.
initiate the VPN
tunnel.
The remote IPSec
router can also
initiate the VPN
tunnel if this ZyWALL
has a static IP
address or a domain
name.
router can also
initiate the VPN
tunnel if this ZyWALL
has a static IP
address or a domain
name.
Choose this if the
remote IPSec router
has a dynamic IP
address.
remote IPSec router
has a dynamic IP
address.
You don’t specify the
remote IPSec
router’s address, but
you specify the
remote policy (the
addresses of the
devices behind the
remote IPSec
router).
remote IPSec
router’s address, but
you specify the
remote policy (the
addresses of the
devices behind the
remote IPSec
router).
This ZyWALL must
have a static IP
address or a domain
name.
have a static IP
address or a domain
name.
Only the remote
IPSec router can
initiate the VPN
tunnel.
IPSec router can
initiate the VPN
tunnel.
Choose this to allow
incoming
connections from
IPSec VPN clients.
incoming
connections from
IPSec VPN clients.
The clients have
dynamic IP
addresses and are
also known as dial-in
users.
dynamic IP
addresses and are
also known as dial-in
users.
You don’t specify the
addresses of the
client IPSec routers
or the remote policy.
addresses of the
client IPSec routers
or the remote policy.
This creates a
dynamic IPSec VPN
rule that can let
multiple clients
connect.
dynamic IPSec VPN
rule that can let
multiple clients
connect.
Only the clients can
initiate the VPN
tunnel.
initiate the VPN
tunnel.
Choose this to
connect to an IPSec
server.
connect to an IPSec
server.
This ZyWALL is the
client (dial-in user).
client (dial-in user).
Client role ZyWALLs
initiate IPSec VPN
connections to a
server role ZyWALL.
initiate IPSec VPN
connections to a
server role ZyWALL.
This ZyWALL can
have a dynamic IP
address.
have a dynamic IP
address.
The IPSec server
doesn’t configure
this ZyWALL’s IP
address or the
addresses of the
devices behind it.
doesn’t configure
this ZyWALL’s IP
address or the
addresses of the
devices behind it.
Only this ZyWALL
can initiate the VPN
tunnel.
can initiate the VPN
tunnel.