Telecommuter vpn/ipsec examples, 17 telecommuter vpn/ipsec examples – ZyXEL Communications 792H User Manual

Prestige 792H G.SHDSL Router

VPN Screens

14-31

14.17 Telecommuter VPN/IPSec Examples

The following examples show how multiple telecommuters can make VPN connections to a single Prestige at
headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The Prestige at
headquarters has a static public IP address.

14.17.1

Telecommuters Sharing One VPN Rule Example

See the following figure and table for an example configuration that allows multiple telecommuters (A, B
and C in the figure) to use one VPN rule to simultaneously access a Prestige at headquarters (HQ in the
figure). The telecommuters do not have domain names mapped to the WAN IP addresses of their IPSec
routers. The telecommuters must all use the same IPSec parameters but the local IP addresses (or ranges of
addresses) should not overlap.

Figure 14-10 Telecommuters Sharing One VPN Rule Example

Table 14-16 Telecommuters Sharing One VPN Rule Example

HEADQUARTERS

TELECOMMUTERS

My IP Address:

Public static IP address

0.0.0.0 (dynamic IP address assigned by
the ISP)

Secure Gateway
IP Address:

0.0.0.0 With this IP address
only the telecommuter can initiate
the IPSec tunnel.

Public static IP address

Local IP Address:

192.168.1.10

Telecommuter A: 192.168.2.12
Telecommuter B: 192.168.3.2
Telecommuter C: 192.168.4.15

Remote IP
Address:

0.0.0.0 (N/A)

192.168.1.10