M2M Cellular Gateway
server or database resources in the Intranet of Network‐A at HQ with a secured link.
That means, the security gateway in headquarters supports "Dynamic VPN" function
and then you, as a mobile user, can access its Intranet resources from remote side with
a secured link; even your device is not on a fixed IP address.
"Full Tunnel"‐enabled Site to Site Tunnel Scenario
In "Site to Site" tunnel scenario, the client hosts of remote site can securely access the enterprise
resources in the Intranet of headquarters gateway via an established VPN tunnel, as described above.
But the regular Internet accessing at remote site still go through the WAN interface of remote gateway,
not the VPN tunnel. If you want all packets to be transferred from the Network‐B at branch office via
this VPN tunnel, including the enterprise resource accessing and the Internet accessing, you can refer
to following scenario example.
When Full Tunnel function of remote Business Security Gateway is enabled, all data traffic from
remote clients behind remote Business Security Gateway will go over the VPN tunnel. That is, if a user
is operating at a PC that is in the Intranet of remote Business Security Gateway, all application packets
and private data packets from the PC will be transmitted securely in the VPN tunnel to access the
resources behind HQ Business Security Gateway, including surfing the Internet. As a result, every time
the user surfs the web for shopping or searching data on Internet, checking personal emails, or
accessing HQ servers, all are done on a secured connection through HQ Business Security Gateway.
Following diagram illustrates this application scenario. It is the same as the one for the "Site to
Site" scenario with "Full Tunnel" disabled. But the "Full Tunnel" parameter in this scenario is enabled
now. When the "Site to Site" IPSec VPN tunnel has been established by either peer, all client hosts in
Network‐B at branch office can access the resources in HQ and the Internet by using the tunnel in a
secure link since the "Full Tunnel" function is activated in Network‐B site.
Index skipping is used to reserve slots for new function insertion, when required.
189