P-661HW-D Series Support Notes
internal server according to the service port and private IP entered in
SUA/NAT Server Table.
However, if both NAT and IPSec is enabled in Prestige, the edit of the table is
necessary only if the connection is a non-secure connections. For secure
connections, none SUA server settings are required since private IP is
reachable in the VPN case. Remember, IPSec is an IP-in-IP encapsulation,
the internal IP header is not translated by NAT.
For example:
Internal Server----Prestige(NAT+IPSec)-----ADSL Modem----Internet----Remote Network
4. VPN Routing between Branch Office through Headquarter
This page guides us how to setup VPN routing between branch offices through
headquarter. So that whenever branch office A wants to talk to branch office B,
headquarter plays as a VPN relay. Users can gain benefit from such
application when the scale of branch offices is very large, because no
additional VPN tunnels between branch offices are needed. In this support
note, we skip the detailed configuration steps for Internet access and presume
that you are familiar with basic ZyNOS VPN configuration.
As the figure shown below, each branch office have a VPN tunnel to
headquarter, thus PCs in branch offices can access systems in headquarter
via the tunnel. Through VPN routing, Prestige series now provide you a
solution to let PCs in branch offices talk to each other through the existing VPN
tunnels concentrated on the headquarter.
106
All contents copyright © 2006 ZyXEL Communications Corporation.