Mutiple (dynamic) VPN connections

ZyWALL 70 / ZyWALL 35 / ZyWALL 5 / ZyWALL 2Plus / ZyWALL 2WG / ZyWALL P1

Moderator: AliceShih

Post a reply

Mutiple (dynamic) VPN connections

Postby betatester38 on Thu Oct 29, 2009 6:11 pm

Hello every-body, my problem/question are:

With a ZyWALL 2Plus, I've created a VPN IPSec Phase 1 and Phase 2 to allow external users (max 5) to connect to my internal LAN qith ZyWALL P1 or VPN Clients; for that all is ok.

But, the external users are nomads and they move every times and every days and every times they are using another WAN remote IP adress, it's why I must use dynamics rules -> that's ok for me.

The problem/question is:
- Due to the dynamics rules, each users log into my LAN use the same Phase 1 and Phase 2 and my ZyWALL create each time a new phase 2 with another subnet, is that correct or is that a wrong use of the ZyWALL ???

Since now, I've always used static IP adress and every VPN use another Phase 1 and Phase 2 to access to my local ZyWALL but this is the first time I work with this configuration and I will know if my configuration is correct or if I've done something wrong and what ?

Thanks for answers
betatester38
Newbie
Newbie
 
Posts: 2
Cash: 3
Joined: Thu Oct 29, 2009 5:56 pm
Top

Re: Mutiple (dynamic) VPN connections

Postby superataru on Fri Oct 30, 2009 12:29 am

betatester38 wrote: . . . .............................

The problem/question is:
- Due to the dynamics rules, each users log into my LAN use the same Phase 1 and Phase 2 and my ZyWALL create each time a new phase 2 with another subnet, is that correct or is that a wrong use of the ZyWALL ???

ZyWALL will manage every on as single, even if they share the same settings.
If you allow multiple proposals, it will just set them to the best performace (lower security).

betatester38 wrote: . . . .............................

Since now, I've always used static IP adress and every VPN use another Phase 1 and Phase 2 to access to my local ZyWALL but this is the first time I work with this configuration and I will know if my configuration is correct or if I've done something wrong and what ?

Thanks for answers


One policy fits all. The other solution? Simple, active a dyndns host for each client and you will have a site-to-site VPN again.
____________________________________________________________________
I don't have the Truth, just suggestions - Click the * for useful answers!
Status: Sorry for the delay: ... workload!
Site: http://www.stradadellanglonasubito.comoj.com
User avatar
superataru
Addict
Addict
 
Posts: 1209
Cash: 1238
Joined: Wed Mar 11, 2009 6:30 pm
Top

Re: Mutiple (dynamic) VPN connections

Postby betatester38 on Fri Oct 30, 2009 2:12 am

Thanks for answer, then I could continue to use multiple connexion on the same phase 2; I wasn't sure of this issue.

Dyndns is not possible for nomads connexions, due to the fact that users are connecting behind a nat router in public Lan's.
Regards
betatester38
Newbie
Newbie
 
Posts: 2
Cash: 3
Joined: Thu Oct 29, 2009 5:56 pm
Top

Re: Mutiple (dynamic) VPN connections

Postby superataru on Fri Oct 30, 2009 6:46 pm

betatester38 wrote:Thanks for answer, then I could continue to use multiple connexion on the same phase 2; I wasn't sure of this issue.

Dyndns is not possible for nomads connexions, due to the fact that users are connecting behind a nat router in public Lan's.
Regards


Ah, ok, Zone IP for many users.
____________________________________________________________________
I don't have the Truth, just suggestions - Click the * for useful answers!
Status: Sorry for the delay: ... workload!
Site: http://www.stradadellanglonasubito.comoj.com
User avatar
superataru
Addict
Addict
 
Posts: 1209
Cash: 1238
Joined: Wed Mar 11, 2009 6:30 pm
Top
Post a reply

Return to ZyWALL series

Who is online

Users browsing this forum: No registered users and 0 guests


Protected by Anti-Spam ACP
forum statistics View Forum Stats
© Copyright 1995-2009, ZyXEL Communications Corp. All rights reserved.