Table of Contents
Advertisement
16.6.6 Negotiation Mode
The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be
established for each connection through IKE negotiations.
• Main Mode ensures the highest level of security when the communicating parties are
negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation,
Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number). This mode
features identity protection (your identity is not revealed in the negotiation).
16.6.7 Remote DNS Server
In cases where you want to use domain names to access Intranet servers on a remote network that
has a DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or
from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the
remote network
The following figure depicts an example where three VPN tunnels are created from ZyXEL Device A;
one to branch office 2, one to branch office 3 and another to headquarters. In order to access
computers that use private domain names on the headquarters (HQ) network, the ZyXEL Device at
branch office 1 uses the Intranet DNS server in headquarters. The DNS server feature for VPN does
not work with Windows 2000 or Windows XP.
Figure 114 VPN Host using Intranet DNS Server Example
If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP
addresses to access the computers on the remote network.
ADSL Series User's Guide
ISP DNS Servers
212.54.64.170
1
LAN
DNS:212.54.64.170
212.54.64.171
A
VPN DNS: 10.1.1.10
= VPN Tunnel
212.54.54.171
Remote
IPSec Router
2
192.168.1.1/50
Chapter 16 VPN
HQ
10.1.1.1/200
Intranet DNS
10.1.1.10
3
172.16.1.1/50
217
- Quick Links:
- Internet Access
- Wireless
Hide quick links:
Advertisement
Table of Contents
