Chapter 14 IPSec VPN

14.17.3 Hub-and-spoke VPN Requirements and Suggestions

Consider the following when implementing a hub-and-spoke VPN.

The local IP addresses configured in the VPN rules cannot overlap.

The hub router must have at least one separate VPN rule for each spoke. In the local IP address, specify the IP addresses of the hub-and-spoke networks with which the spoke should be able to establish a VPN tunnel. This may require you to use more than one VPN rule.

If you want to have the spoke routers access the Internet through the hub-and-spoke VPN tunnel, set the VPN rules in the spoke routers to use 0.0.0.0 (any) as the remote IP address.

Make sure that your From VPN and To VPN firewall rules do not block the VPN packets.


ZyWALL 2 Plus User’s Guide