Table of Contents
Advertisement
IPSec VPN Example Scenario
Here is an example site-to-site IPSec VPN scenario.
Figure 118 Site-to-site IPSec VPN Example
11.2.1 What You Can Do in this Chapter
• Use the Site to Site VPN screen (see
• Use the Site to Site VPN Add/Edit screens (see
174) to create a VPN rule using the wizard or create a customized VPN rule with advanced settings.
• Use the Remote Access VPN screen (see
rule.
11.2.2 What You Need to Know
An IPSec VPN tunnel is usually established in two phases. Each phase establishes a security association
(SA), a contract indicating what security parameters the Zyxel Device and the remote IPSec router will
use. The first phase establishes an Internet Key Exchange (IKE) SA between the Zyxel Device and remote
IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the Zyxel
Device and remote IPSec router can send data between computers on the local network and remote
network. This is illustrated in the following figure.
Figure 119 VPN: IKE SA and IPSec SA
In this example, a computer in network A is exchanging data with a computer in network B. Inside
networks A and B, the data is transmitted the same way data is normally transmitted in the networks.
Between routers X and Y, the data is protected by tunneling, encryption, authentication, and other
Chapter 11 IPSec VPN
Section 11.3 on page
Section 11.3.2 on page 174
Section 11.4 on page
USG FLEX H Series User's Guide
166
167) to view a summary of the VPN rules.
and
Section 11.3.2 on page
178) to create a remote access VPN
Advertisement
Table of Contents
Troubleshooting
