ZyXEL Communications 1000 Manual Do Utilizador

 Chapter 25 IPSec VPN

ZyWALL USG 1000 User’s Guide

The ZyWALL’s application scenarios make it easier to configure your VPN 
connection settings. 

• See 

 for related information on these screens.

Table 116   IPSec VPN Application Scenarios

Choose this if the 
remote IPSec router 
has a static IP 
address or a domain 
name. 

This ZyWALL can 
initiate the VPN 
tunnel. 

The remote IPSec 
router can also 
initiate the VPN 
tunnel if this ZyWALL 
has a static IP 
address or a domain 
name. 

Choose this if the 
remote IPSec router 
has a dynamic IP 
address. 

You don’t specify the 
remote IPSec 
router’s address, but 
you specify the 
remote policy (the 
addresses of the 
devices behind the 
remote IPSec 
router).

This ZyWALL must 
have a static IP 
address or a domain 
name.

Only the remote 
IPSec router can 
initiate the VPN 
tunnel. 

Choose this to allow 
incoming 
connections from 
IPSec VPN clients. 

The clients have 
dynamic IP 
addresses and are 
also known as dial-in 
users. 

You don’t specify the 
addresses of the 
client IPSec routers 
or the remote policy.

This creates a 
dynamic IPSec VPN 
rule that can let 
multiple clients 
connect.

Only the clients can 
initiate the VPN 
tunnel. 

Choose this to 
connect to an IPSec 
server.

This ZyWALL is the 
client (dial-in user). 

Client role ZyWALLs 
initiate IPSec VPN 
connections to a 
server role ZyWALL.

This ZyWALL can 
have a dynamic IP 
address. 

The IPSec server 
doesn’t configure 
this ZyWALL’s IP 
address or the 
addresses of the 
devices behind it.

Only this ZyWALL 
can initiate the VPN 
tunnel.