ZyXEL Communications 2WG User Manual
Page 198
ZyWALL 2WG Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
Remote Access VPN Scenario
VPN has become the logical solution for remote access connectivity. The remote access VPN scenario
provides remote users with secure connections to the corporate network over a public networking
infrastructure. Deploying a remote access VPN enables corporations to reduce communications expenses
by leveraging the infrastructures of Internet service providers. At the same time, VPN allows remote
users to take advantage of broadband connectivity. Remote users (e.g. mobile users, telecommuters) may
use dial-up, ISDN, digital subscriber line (DSL) or cable technologies to gain Internet access.
Because the remote user's IP address is dynamically assigned by the service provider, the Remote Gateway
Address of the gateway policy must be configured with 0.0.0.0 or a domain name. If “0.0.0.0” is used as
the Remote Gateway Address, the ZyWALL accepts attempts from any IP address and authenticates the remote
VPN device with a pre-shared key or certificate. If the remote entity passes authentication, the ZyWALL
and the remote entity then generate dynamic shared keys for the IKE SAs and IPSec/QM SAs.
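A configuration review can start from the behaviour described above: a policy whose Remote Gateway Address is 0.0.0.0 accepts attempts from any source IP, so its authentication settings deserve a closer look. The following is an added example, not ZyXEL code; the policy dictionaries, their field names (including the xauth flag, which refers to the feature introduced in the next section) and the sample data are hypothetical and constructed.

```python
import ipaddress

# Constructed sample data. The field names are hypothetical and are not a
# ZyWALL export format.
SAMPLE_POLICIES = [
    {"name": "branch-office", "remote_gateway": "203.0.113.10", "auth": "psk", "xauth": False},
    {"name": "teleworkers", "remote_gateway": "0.0.0.0", "auth": "psk", "xauth": False},
    {"name": "mobile-users", "remote_gateway": "0.0.0.0", "auth": "psk", "xauth": True},
    {"name": "roaming-certs", "remote_gateway": " 0.0.0.0 ", "auth": "certificate", "xauth": False},
    {"name": "partner", "remote_gateway": "vpn.partner.example", "auth": "psk", "xauth": False},
]


def classify_remote_gateway(value):
    """Classify a Remote Gateway Address as 'any', 'static', 'domain' or 'empty'."""
    value = value.strip()
    if not value:
        return "empty"
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "domain"  # not an IP literal, so treated as a domain name
    return "any" if addr.is_unspecified else "static"


def review_dynamic_peers(policies):
    """Return (policy name, note) for every policy that accepts any source IP."""
    notes = []
    for policy in policies:
        if classify_remote_gateway(policy["remote_gateway"]) != "any":
            continue
        if policy["auth"] == "certificate":
            note = "any source IP; peer authenticated by certificate"
        elif policy["xauth"]:
            note = "any source IP; pre-shared key plus xAuth user login"
        else:
            note = "any source IP; pre-shared key is the only check"
        notes.append((policy["name"], note))
    return notes


if __name__ == "__main__":
    for name, note in review_dynamic_peers(SAMPLE_POLICIES):
        print(f"{name}: {note}")
```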
Using xAuth for User Authentication
IKE Extended Authentication (Xauth) is a draft RFC developed by the Internet Engineering Task Force
(IETF) based on the Internet Key Exchange (IKE) protocol. The Xauth feature is an enhancement to the
[Figure: remote access VPN topology. Labels: LAN, ZyWALL, WAN, Internet, Mobile user, Telecommuter.]