Telecommuter vpn/ipsec examples, 17 telecommuter vpn/ipsec examples – ZyXEL Communications ZyXEL ZyAIR 100 User Manual

ZyWALL 10~100 Series Internet Security Gateway

15-28

VPN

Screens

Table 15-11 SA Monitor

LABEL DESCRIPTION

Allow Through IP/Sec
Tunnel

Select this check box to send NetBIOS packets through the VPN connection.

Apply

Click Apply to save your changes back to the ZyWALL.

Reset

Click Reset to begin configuring this screen afresh.

15.17 Telecommuter VPN/IPSec Examples

The following examples show how multiple telecommuters can make VPN connections to a single ZyWALL
at headquarters from remote IPSec routers that use dynamic WAN IP addresses.

15.17.1

Telecommuters Sharing One VPN Rule Example

Multiple telecommuters can use one VPN rule to simultaneously access a ZyWALL at headquarters. They
must all use the same IPSec parameters (including the pre-shared key) but the local IP addresses (or ranges of
addresses) cannot overlap. See the following table and figure for an example.

Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is
compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to
use a different VPN rule for each telecommuter and identify them by unique IDs (see section 15.17.2 for an
example)

Table 15-12 Telecommuter and Headquarters Configuration Example

TELECOMMUTER

HEADQUARTERS

My IP Address:

0.0.0.0 (dynamic IP address
assigned by the ISP)

Public static IP address

Secure Gateway
IP Address:

Public static IP address or domain
name.

0.0.0.0 With this IP address only the
telecommuter can initiate the IPSec tunnel.