Id Type And Content - ZyXEL Communications P-2612HW-F1 User Manual

Chapter 14 VPN
cannot use DNS servers on the LAN or from the ISP since these DNS servers
cannot resolve domain names to private IP addresses on the remote network
The following figure depicts an example where three VPN tunnels are created from
ZyXEL Device A; one to branch office 2, one to branch office 3 and another to
headquarters. In order to access computers that use private domain names on the
headquarters (HQ) network, the ZyXEL Device at branch office 1 uses the Intranet
DNS server in headquarters. The DNS server feature for VPN does not work with
Windows 2000 or Windows XP.
Figure 157 VPN Host using Intranet DNS Server Example
If you do not specify an Intranet DNS server on the remote network, then the VPN
host must use IP addresses to access the computers on the remote network.

14.9.9 ID Type and Content

With aggressive negotiation mode
Device identifies incoming SAs by ID type and content since this identifying
information is not encrypted. This enables the ZyXEL Device to distinguish
between multiple rules for SAs that connect from remote IPSec routers that have
dynamic WAN IP addresses. Telecommuters can use separate passwords to
simultaneously connect to the ZyXEL Device from IPSec routers with dynamic IP
addresses
example).
Regardless of the ID type and content configuration, the ZyXEL Device does not
allow you to save multiple active rules with overlapping local and remote IP
addresses.
286
ISP DNS Servers
212.54.64.170
1
LAN
DNS:212.54.64.170
212.54.64.171
Internet
A
VPN DNS: 10.1.1.10
= VPN Tunnel
(seeSection 14.9.12 on page 288
212.54.54.171
Remote
IPSec Router
2
192.168.1.1/50
(seeSection 14.9.6 on page
for a telecommuter configuration
HQ
10.1.1.1/200
Intranet DNS
10.1.1.10
3
172.16.1.1/50
285), the ZyXEL
P-2612HW-F1 User's Guide