Id Type And Content; Figure 81 Vpn Host Using Intranet Dns Server Example - ZyXEL Communications P-793H User Manual

Chapter 11 VPN
cannot use DNS servers on the LAN or from the ISP since these DNS servers
cannot resolve domain names to private IP addresses on the remote network
The following figure depicts an example where three VPN tunnels are created from
P-793H v2 A; one to branch office 2, one to branch office 3 and another to
headquarters. In order to access computers that use private domain names on the
headquarters (HQ) network, the P-793H v2 at branch office 1 uses the Intranet
DNS server in headquarters. The DNS server feature for VPN does not work with
Windows 2000 or Windows XP.

Figure 81 VPN Host using Intranet DNS Server Example

If you do not specify an Intranet DNS server on the remote network, then the VPN
host must use IP addresses to access the computers on the remote network.

11.9.9 ID Type and Content

With aggressive negotiation mode
v2 identifies incoming SAs by ID type and content since this identifying
information is not encrypted. This enables the P-793H v2 to distinguish between
multiple rules for SAs that connect from remote IPSec routers that have dynamic
WAN IP addresses. Telecommuters can use separate passwords to simultaneously
connect to the P-793H v2 from IPSec routers with dynamic IP addresses
(seeSection 11.9.12 on page 188
Regardless of the ID type and content configuration, the P-793H v2 does not allow
you to save multiple active rules with overlapping local and remote IP addresses.
With main mode
encrypted to provide identity protection. In this case the P-793H v2 can only
186
ISP DNS Servers
212.54.64.170
1
LAN
DNS:212.54.64.170
212.54.64.171
Internet
A
VPN DNS: 10.1.1.10
= VPN Tunnel
(seeSection 11.9.6 on page
212.54.54.171
Remote
IPSec Router
2
192.168.1.1/50
(seeSection 11.9.6 on page
for a telecommuter configuration example).
185), the ID type and content are
HQ
10.1.1.1/200
Intranet DNS
10.1.1.10
3
172.16.1.1/50
185), the P-793H
P-793H v2 User's Guide