Filter
Top Products
Chapter 20 IPSec VPN
ZyWALL 110/310/1100 Series User’s Guide
284
Application Scenarios
The ZyWALL’s application scenarios make it easier to configure your VPN connection settings.
Finding Out More
•See Section 20.6 on page 305 for IPSec VPN background information.
20.1.3 Before You Begin
This section briefly explains the relationship between VPN tunnels and other features. It also gives
some basic suggestions for troubleshooting.
You should set up the following features before you set up the VPN tunnel.
Table 105 IPSec VPN Application Scenarios
SITE-TO-SITE
SITE-TO-SITE WITH
DYNAMIC PEER
REMOTE ACCESS
(SERVER ROLE)
REMOTE ACCESS
(CLIENT ROLE)
Choose this if the remote
IPSec router has a static
IP address or a domain
name.
This ZyWALL can initiate
the VPN tunnel.
The remote IPSec router
can also initiate the VPN
tunnel if this ZyWALL has
a static IP address or a
domain name.
Choose this if the remote
IPSec router has a
dynamic IP address.
You don’t specify the
remote IPSec router’s
address, but you specify
the remote policy (the
addresses of the devices
behind the remote IPSec
router).
This ZyWALL must have a
static IP address or a
domain name.
Only the remote IPSec
router can initiate the
VPN tunnel.
Choose this to allow
incoming connections
from IPSec VPN clients.
The clients have dynamic
IP addresses and are also
known as dial-in users.
You don’t specify the
addresses of the client
IPSec routers or the
remote policy.
This creates a dynamic
IPSec VPN rule that can
let multiple clients
connect.
Only the clients can
initiate the VPN tunnel.
Choose this to connect to
an IPSec server.
This ZyWALL is the client
(dial-in user).
Client role ZyWALLs
initiate IPSec VPN
connections to a server
role ZyWALL.
This ZyWALL can have a
dynamic IP address.
The IPSec server doesn’t
configure this ZyWALL’s
IP address or the
addresses of the devices
behind it.
Only this ZyWALL can
initiate the VPN tunnel.