ZyXEL P-660HNU-F1 User Guide - Page 217
Negotiation Mode, 16.6.7 Remote DNS Server, Negotiation Mode, Main Mode
View all ZyXEL P-660HNU-F1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 217 highlights
Chapter 16 VPN 16.6.6 Negotiation Mode The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be established for each connection through IKE negotiations. • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number). This mode features identity protection (your identity is not revealed in the negotiation). 16.6.7 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the remote network The following figure depicts an example where three VPN tunnels are created from ZyXEL Device A; one to branch office 2, one to branch office 3 and another to headquarters. In order to access computers that use private domain names on the headquarters (HQ) network, the ZyXEL Device at branch office 1 uses the Intranet DNS server in headquarters. The DNS server feature for VPN does not work with Windows 2000 or Windows XP. Figure 114 VPN Host using Intranet DNS Server Example ISP DNS Servers 212.54.64.170 212.54.54.171 1 LAN DNS:212.54.64.170 212.54.64.171 Remote IPSec Router HQ 10.1.1.1/200 A VPN DNS: 10.1.1.10 Intranet DNS 10.1.1.10 = VPN Tunnel 2 192.168.1.1/50 3 172.16.1.1/50 If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote network. ADSL Series User's Guide 217