Vpn Routing Between Branch Office Through Headquarter - ZyXEL Communications P-793H v2 Support Notes

P-793H v 2 Support Notes
Generally, without IPSec, to configure an internal server for outside access, we
need to configure the server private IP and its service port in SUA/NAT Server
Table. The NAT router then will forward the incoming connections to the
internal server according to the service port and private IP entered in SUA/NAT
Server Table.
However, if both NAT and IPSec is enabled in Prestige, the edit of the table is
necessary only if the connection is a non-secure connections. For secure
connections, none SUA server settings are required since private IP is
reachable in the VPN case. Remember, IPSec is an IP-in-IP encapsulation, the
internal IP header is not translated by NAT. For example:
Internal Server----Prestige (NAT+IPSec)-----ADSL Modem----Internet----Remote Network

4. VPN Routing between Branch Office through Headquarter

This page guides us how to setup VPN routing between branch offices through
headquarter. So that whenever branch office A wants to talk to branch office B,
headquarter plays as a VPN relay. Users can gain benefit from such
application when the scale of branch offices is very large, because no
additional VPN tunnels between branch offices are needed. In this support
note, we skip the detailed configuration steps for Internet access and presume
that you are familiar with basic ZyNOS VPN configuration.
As the figure shown below, each branch office have a VPN tunnel to
headquarter, thus PCs in branch offices can access systems in headquarter
via the tunnel. Through VPN routing, Prestige series now provide you a
solution to let PCs in branch offices talk to each other through the existing
VPN tunnels concentrated on the headquarter.
95
All contents copy right © 2010 Zy XEL Communications Corporation.