Deploying Vpn - ZyXEL Communications ZYWALL USG 2000 Support Notes

ZyWALL USG 2000 Support Notes

1. Deploying VPN

VPN (Virtual Private Network) allows you to establish a virtual direct connection to remote
locations or for the telecommuters to access the internal network in the office. VPN is a
replacement for the traditional site-to-site lease lines like T1 or ISDN. Through the VPN
applications, it reduces setup cost, works for various types of Internet connection devices
(ISDN modem, ADSL modem and FTTX...) and is easy to troubleshoot.
VPN gives you site-to-site connection flexibility. However, with multiple VPN connections
between sites, it can become more difficult to maintain. Typically, an administrator has to
configure many site-to-site VPN connections to allow a truly global VPN network.
VPN connection management is made easily using the VPN concentrator. The VPN
concentrator routes VPN traffic across multiple remote sites without complex setting, thus
reduces the configuration overhead and the possibility of improper configuration. The VPN
concentrator is also a centralized management tool for administrators because all the traffic
sent between remote sites has to go through the central office first and administrators can set
up different access control rules. These are based on the source address, remote address, user
and schedule to enhance VPN security. To help to reduce network intrusion attacks,
administrators can configure the built-in IDP engine to inspect VPN traffic. For easy
9
All contents copyright (c) 2008 ZyXEL Communications Corporation.