ZyXEL P-202H User Guide - Page 137
Telecommuter VPN/IPSec Examples
View all ZyXEL P-202H manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 137 highlights
P-202H Plus v2 User's Guide The following table describes the labels in this screen. Table 41 Global Setting LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP) Allow NetBIOS Traffic Through All IPSec Tunnels Back Apply Reset NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to find other computers. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa. Select this check box to send NetBIOS packets through the VPN connection. Click Back to return to the previous screen. Click Apply to save your changes back to the ZyXEL Device. Click Reset to begin configuring this screen afresh. 11.16 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL Device at headquarters from remote IPSec routers that use dynamic WAN IP addresses. 11.16.1 Telecommuters Sharing One VPN Rule Example Multiple telecommuters can use one VPN rule to simultaneously access a ZyXEL Device at headquarters. They must all use the same IPSec parameters (including the pre-shared key) but the local IP addresses (or ranges of addresses) cannot overlap. See the following table and figure for an example. Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to use a different VPN rule for each telecommuter and identify them by unique IDs (see Section 11.16.2 on page 137).. Table 42 Telecommuter and Headquarters Configuration Example My IP Address: Secure Gateway IP Address: TELECOMMUTER 0.0.0.0 (dynamic IP address assigned by the ISP) Public static IP address or domain name. HEADQUARTERS Public static IP address 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel. Chapter 11 VPN Screens 136