Telecommuters Using Unique VPN Rules Example – ZyXEL Communications P-335WT User Manual

P-335 Series User’s Guide

240

Chapter 17 VPN Screens

Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key
is compromised, all of the VPN connections using that VPN rule are at risk. A recommended
alternative is to use a different VPN rule for each telecommuter and identify them by unique
IDs (see the Telecommuters Using Unique VPN Rules Example section).

Table 78 Telecommuter and Headquarters Configuration Example

                         TELECOMMUTER                          HEADQUARTERS
My IP Address:           0.0.0.0 (dynamic IP address           Public static IP address
                         assigned by the ISP)
Secure Gateway           Public static IP address or           0.0.0.0 With this IP address only the
IP Address:              domain name.                          telecommuter can initiate the IPSec tunnel.

Figure 108 Telecommuters Sharing One VPN Rule Example

17.17.2 Telecommuters Using Unique VPN Rules Example

With aggressive negotiation mode (see section Negotiation Mode), the Prestige can use the ID
types and contents to distinguish between VPN rules. Telecommuters can each use a separate
VPN rule to simultaneously access a Prestige at headquarters. They can use different IPSec
parameters (including the pre-shared key) and the local IP addresses (or ranges of addresses)
can overlap.
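The reason aggressive mode lets the gateway tell per-telecommuter rules apart is that the initiator's ID payload arrives in the first message, so the responder can select the rule (and its pre-shared key) by ID instead of by source IP. The following added example is not from the ZyXEL manual; it models that selection with the RFC 2409 pre-shared-key HASH_I computation (HMAC-SHA1 as the prf, constructed nonces and cookies) and shows why a key leaked from one unique rule does not open another telecommuter's rule.

```python
import hmac
import hashlib
import os

USER_FQDN = 3  # IKEv1 ID type ID_USER_FQDN (RFC 2407), e.g. alice@hq.example

def prf(key: bytes, data: bytes) -> bytes:
    """RFC 2409 prf for the HMAC-SHA1 case."""
    return hmac.new(key, data, hashlib.sha1).digest()

def encode_id(id_type: int, content: str) -> bytes:
    """ID payload body: type byte followed by the identification data."""
    return bytes([id_type]) + content.encode()

def hash_i(psk: bytes, ctx: dict, id_i: bytes) -> bytes:
    """HASH_I for pre-shared-key authentication (RFC 2409 section 5.4)."""
    skeyid = prf(psk, ctx["ni"] + ctx["nr"])  # SKEYID = prf(psk, Ni_b | Nr_b)
    return prf(skeyid, ctx["gxi"] + ctx["gxr"] + ctx["cky_i"] + ctx["cky_r"] + ctx["sai"] + id_i)

class Headquarters:
    """Responder holding one VPN rule per (ID type, ID content)."""
    def __init__(self, rules: dict):
        self.rules = rules  # {(id_type, content): psk}

    def authenticate(self, id_type: int, content: str, received_hash: bytes, ctx: dict) -> bool:
        # Aggressive mode carries IDii in message 1, so the rule and its key are
        # chosen by ID; a dynamic peer address (0.0.0.0 in the rule) is never needed.
        psk = self.rules.get((id_type, content))
        if psk is None:
            return False
        expected = hash_i(psk, ctx, encode_id(id_type, content))
        return hmac.compare_digest(expected, received_hash)

def connect(hq: Headquarters, id_type: int, content: str, psk: bytes, ctx: dict) -> bool:
    """Initiator side: build HASH_I with the key it holds and present it."""
    return hq.authenticate(id_type, content, hash_i(psk, ctx, encode_id(id_type, content)), ctx)

def new_ctx() -> dict:
    """Constructed exchange values (nonces, DH publics, cookies, SA payload)."""
    return {k: os.urandom(16) for k in ("ni", "nr", "gxi", "gxr", "cky_i", "cky_r", "sai")}

def demo() -> dict:
    key_a, key_b = os.urandom(16), os.urandom(16)  # one pre-shared key per rule
    hq = Headquarters({(USER_FQDN, "alice@hq.example"): key_a,
                       (USER_FQDN, "bob@hq.example"): key_b})
    return {
        "alice_ok": connect(hq, USER_FQDN, "alice@hq.example", key_a, new_ctx()),
        "bob_ok": connect(hq, USER_FQDN, "bob@hq.example", key_b, new_ctx()),
        # a compromised key_a is bound to alice's ID; it cannot satisfy bob's rule
        "key_a_as_bob": connect(hq, USER_FQDN, "bob@hq.example", key_a, new_ctx()),
        "unknown_id": connect(hq, USER_FQDN, "mallory@hq.example", key_a, new_ctx()),
    }
```

With a single shared rule, by contrast, every telecommuter presents the same ID and key, so one leaked key affects all of them, which is the risk the text above describes.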