P-335 Series User's Guide
Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key
is compromised, all of the VPN connections using that VPN rule are at risk. A recommended
alternative is to use a different VPN rule for each telecommuter and identify them by unique
IDs (see
the Telecommuters Using Unique VPN Rules Example section
Table 79 Telecommuter and Headquarters Configuration Example
My IP Address:
Secure Gateway
IP Address:
Figure 106 Telecommuters Sharing One VPN Rule Example
18.17.2 Telecommuters Using Unique VPN Rules Example
With aggressive negotiation mode (see section Negotiation Mode), the Prestige can use the ID
types and contents to distinguish between VPN rules. Telecommuters can each use a separate
VPN rule to simultaneously access a Prestige at headquarters. They can use different IPSec
parameters (including the pre-shared key) and the local IP addresses (or ranges of addresses)
can overlap.
248
TELECOMMUTER
0.0.0.0 (dynamic IP address
assigned by the ISP)
Public static IP address or domain
name.
)..
HEADQUARTERS
Public static IP address
0.0.0.0
With this IP address only the
telecommuter can initiate the IPSec tunnel.
Chapter 18 VPN Screens