User's guide

Chapter 10 IPSec VPN Config Screens
LAN-Cell 2 User’s Guide
With aggressive negotiation mode (see Section on page 247), the LAN-Cell can use the ID
types and contents to distinguish between VPN rules. Mobile users can each use a separate
VPN rule to access the LAN-Cell simultaneously, and each rule can use different IPSec
parameters. The local IP addresses (or ranges of addresses) of the rules configured on the
LAN-Cell can overlap. The local IP addresses of the rules configured on the mobile users'
IPSec routers should not overlap.

See the following table and figure for an example where three mobile users each use a
different VPN rule for a VPN connection with a LAN-Cell. The LAN-Cell (HQ in the figure)
identifies each incoming SA by its ID type and content and uses the appropriate VPN rule to
establish the VPN connection.

The LAN-Cell can also initiate VPN connections to the mobile users since it can find the users
by resolving their domain names.
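
The rule selection described above can be sketched as follows. This is an added example, not LAN-Cell firmware or vendor code: the class and function names are hypothetical, Rule 1 uses User A's values from the table on this page, and Rule 2's ID and network are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class HqRule:
    name: str
    peer_id_type: str     # "IP" or "E-mail", the ID types shown on this page
    peer_id_content: str
    remote_gateway: str   # mobile user's domain name
    remote_network: str   # mobile user's local address or range

# Rule 1 carries User A's values from the page's table.
# Rule 2's ID and network are constructed sample values.
HQ_RULES = [
    HqRule("Rule 1", "IP", "192.168.2.12", "UserA.dydns.org", "192.168.2.12"),
    HqRule("Rule 2", "E-mail", "userb@example.com", "UserB.dydns.org", "192.168.3.0/28"),
]

def select_rule(rules, id_type, id_content):
    """Return the one rule whose peer ID matches the incoming SA's ID, else None."""
    # In IKEv1 aggressive mode the initiator's ID arrives in the first message,
    # so the responder can pick a rule by ID before the peer is authenticated.
    hits = [r for r in rules
            if (r.peer_id_type, r.peer_id_content) == (id_type, id_content)]
    return hits[0] if len(hits) == 1 else None

def audit(rules):
    """List configuration problems that would stop rules being told apart."""
    problems = []
    for a, b in combinations(rules, 2):
        if (a.peer_id_type, a.peer_id_content) == (b.peer_id_type, b.peer_id_content):
            problems.append(f"{a.name}/{b.name}: same peer ID, rules are ambiguous")
        net_a = ipaddress.ip_network(a.remote_network)
        net_b = ipaddress.ip_network(b.remote_network)
        if net_a.overlaps(net_b):
            problems.append(f"{a.name}/{b.name}: mobile users' local addresses overlap")
    return problems

if __name__ == "__main__":
    print(select_rule(HQ_RULES, "IP", "192.168.2.12"))
    print(audit(HQ_RULES))
```
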
Figure 142 Mobile Users Using Unique VPN Rules Example
Table 86 Mobile Users Using Unique VPN Rules Example

| MOBILE USERS | HEADQUARTERS |
|---|---|
| All Mobile User Rules: | All Headquarters Rules: |
| My LAN-Cell 0.0.0.0 | My LAN-Cell: bigcompanyhq.com |
| Remote Gateway Address: bigcompanyhq.com | Local Network - Single IP Address: 192.168.1.10 |
| Remote Network - Single IP Address: 192.168.1.10 | Local ID Type: E-mail |
| Peer ID Type: E-mail | Local ID Content: bob@bigcompanyhq.com |
| Peer ID Content: bob@bigcompanyhq.com | |
| User A (UserA.dydns.org) | Headquarters LAN-Cell Rule 1: |
| Local ID Type: IP | Peer ID Type: IP |
| Local ID Content: 192.168.2.12 | Peer ID Content: 192.168.2.12 |
| Local IP Address: 192.168.2.12 | Remote Gateway Address: UserA.dydns.org |
| | Remote Address 192.168.2.12 |
| User B (UserB.dydns.org) | Headquarters LAN-Cell Rule 2: |