User manual
Chapter 25 IPSec VPN
ZyWALL USG 300 User’s Guide
469
Application Scenarios
The ZyWALL’s application scenarios make it easier to configure your VPN
connection settings.
Finding Out More
• See Section 6.5.15 on page 106 for related information on these screens.
Table 124 IPSec VPN Application Scenarios
SITE-TO-SITE
SITE-TO-SITE WITH
DYNAMIC PEER
REMOTE ACCESS
(SERVER ROLE)
REMOTE ACCESS
(CLIENT ROLE)
Choose this if the
remote IPSec router
has a static IP
address or a domain
name.
This ZyWALL can
initiate the VPN
tunnel.
The remote IPSec
router can also
initiate the VPN
tunnel if this ZyWALL
has a static IP
address or a domain
name.
Choose this if the
remote IPSec router
has a dynamic IP
address.
You don’t specify the
remote IPSec
router’s address, but
you specify the
remote policy (the
addresses of the
devices behind the
remote IPSec
router).
This ZyWALL must
have a static IP
address or a domain
name.
Only the remote
IPSec router can
initiate the VPN
tunnel.
Choose this to allow
incoming
connections from
IPSec VPN clients.
The clients have
dynamic IP
addresses and are
also known as dial-in
users.
You don’t specify the
addresses of the
client IPSec routers
or the remote policy.
This creates a
dynamic IPSec VPN
rule that can let
multiple clients
connect.
Only the clients can
initiate the VPN
tunnel.
Choose this to
connect to an IPSec
server.
This ZyWALL is the
client (dial-in user).
Client role ZyWALLs
initiate IPSec VPN
connections to a
server role ZyWALL.
This ZyWALL can
have a dynamic IP
address.
The IPSec server
doesn’t configure
this ZyWALL’s IP
address or the
addresses of the
devices behind it.
Only this ZyWALL
can initiate the VPN
tunnel.