Id Type And Content; Figure 117 Vpn Host Using Intranet Dns Server Example - ZyXEL Communications ZyWall 35 User Manual

The following figure depicts an example where three VPN tunnels are created from ZyWALL
A; one to branch office 2, one to branch office 3 and another to headquarters. In order to
access computers that use private domain names on the headquarters (HQ) network, the
ZyWALL at branch office 1 uses the Intranet DNS server in headquarters. The DNS server
feature for VPN does not work with Windows 2000 or Windows XP

Figure 117 VPN Host using Intranet DNS Server Example

14.8 ID Type and Content

With aggressive negotiation mode
incoming SAs by ID type and content since this identifying information is not encrypted. This
enables the ZyWALL to distinguish between multiple rules for SAs that connect from remote
IPSec routers that have dynamic WAN IP addresses. Telecommuters can use separate
passwords to simultaneously connect to the ZyWALL from IPSec routers with dynamic IP
addresses (see the Telecommuters Using Unique VPN Rules Example section
telecommuter configuration example).
With main mode
provide identity protection. In this case the ZyWALL can only distinguish between up to 12
different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP
addresses. The ZyWALL can distinguish up to 12 incoming SAs because you can select
Chapter 14 VPN Screens
Note: If you do not specify an Intranet DNS server on the
remote network, then the VPN host must use IP addresses to
access the computers on the remote network.
(see the Negotiation Mode
Note: Regardless of the ID type and content configuration, the
ZyWALL does not allow you to save multiple active rules with
overlapping local and remote IP addresses.
(see the Negotiation Mode
section), the ZyWALL identifies
section), the ID type and content are encrypted to
ZyWALL 35 User's Guide
for a
245