17 telecommuter vpn/ipsec examples, 1 telecommuters sharing one vpn rule example – ZyXEL Communications ZyXEL ZyWALL 2WG User Manual

Chapter 14 IPSec VPN

ZyWALL 2WG User’s Guide

14.17 Telecommuter VPN/IPSec Examples

The following examples show how multiple telecommuters can make VPN connections to a
single ZyWALL at headquarters. The telecommuters use IPSec routers with dynamic WAN IP
addresses. The ZyWALL at headquarters has a static public IP address.

14.17.1 Telecommuters Sharing One VPN Rule Example

See the following figure and table for an example configuration that allows multiple
telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a
ZyWALL at headquarters (HQ in the figure). The telecommuters do not have domain names
mapped to the WAN IP addresses of their IPSec routers. The telecommuters must all use the
same IPSec parameters but the local IP addresses (or ranges of addresses) should not overlap.

Table 90 SECURITY > VPN > Global Setting (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Adjust TCP Maximum Segment Size | The TCP packets are larger after the ZyWALL encrypts them for VPN. The ZyWALL fragments packets that are larger than a connection’s MTU (Maximum Transmit Unit). In most cases you should leave this set to Auto. The ZyWALL automatically sets the Maximum Segment Size (MSS) of the TCP packets that are to be encrypted by VPN based on the encapsulation type. Select Off to not adjust the MSS for the encrypted TCP packets. If your network environment causes fragmentation issues that are affecting your throughput performance, you can manually set a smaller MSS for the TCP packets that are to be encrypted by VPN. Select User-Defined and specify a size from 0~1460 bytes. 0 has the ZyWALL use the auto setting. |
| VPN rules skip applying to the overlap range of local and remote IP addresses | When you configure a VPN rule, the ZyWALL checks to make sure that the IP addresses in the local and remote networks do not overlap. Select this check box to disable the check if you need to configure a VPN policy with overlapping local and remote IP addresses. Note: If a VPN policy’s local and remote IP addresses overlap, you may not be able to access the device on your LAN because the ZyWALL automatically triggers a VPN tunnel to the remote device with the same IP address. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to begin configuring this screen afresh. |
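An added example, not taken from the ZyXEL manual: a Python pre-deployment check for the two address rules on this page, namely that telecommuters sharing one VPN rule must use non-overlapping local ranges, and that a policy's local and remote networks should not overlap. The function names and all addresses are constructed for illustration; this is not the ZyWALL's own check.

```python
import ipaddress
from itertools import combinations

def to_networks(spec):
    """Parse a subnet ('192.168.2.0/24'), a single address, or a
    'start-end' range into a list of ipaddress network objects."""
    spec = spec.strip()
    if "-" in spec:
        start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        # Raises ValueError if end < start, TypeError on mixed IP versions.
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(spec, strict=False)]

def overlaps(spec_a, spec_b):
    """True if any address is covered by both specs."""
    return any(a.overlaps(b)
               for a in to_networks(spec_a)
               for b in to_networks(spec_b))

def audit(hq_local, telecommuters):
    """Return every pair of sites whose address specs overlap.
    'HQ' is the headquarters local network; the other names are the
    telecommuters' local networks (the remote side, seen from HQ)."""
    sites = {"HQ": hq_local, **telecommuters}
    return [(a, b) for a, b in combinations(sites, 2)
            if overlaps(sites[a], sites[b])]

# Constructed sample plan (hypothetical addresses, not from the manual).
SAMPLE_HQ = "192.168.1.0/24"
SAMPLE_TELECOMMUTERS = {
    "A": "192.168.2.0/24",
    "B": "192.168.3.10-192.168.3.50",   # range form
    "C": "192.168.3.32/27",             # collides with part of B's range
}

if __name__ == "__main__":
    conflicts = audit(SAMPLE_HQ, SAMPLE_TELECOMMUTERS)
    for a, b in conflicts:
        print(f"overlap: {a} and {b}")
    if not conflicts:
        print("no overlapping local/remote ranges")
```

A conflict that names HQ is the case the Note in Table 90 describes, where a LAN device may become unreachable because traffic for its address triggers the tunnel instead.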