Chapter 14 IPSec VPN

14.17.1.1 Dynamic VPN Rule

Local and remote network IP addresses can overlap when you configure a dynamic VPN rule for a remote site (see Figure 213). For example, when you configure ZyWALL X, you configure the local network as 192.168.1.0/24 and the remote network as any (0.0.0.0). The “any” setting includes all possible IP addresses, so the ZyWALL will forward traffic from network A into the tunnel towards network B even if both the sender (for example 192.168.1.8) and the receiver (for example 192.168.1.9) are in network A. Note that the remote site can still use the VPN tunnel to access computers on ZyWALL X’s network.

Figure 213 Overlap in a Dynamic VPN Rule (local network 192.168.1.0/24, remote network 0.0.0.0)

Setting Local and Remote IP Address Conflict Resolution to The Local Network has the ZyWALL check whether a packet’s destination is also on the local network before forwarding the packet. If it is, the ZyWALL sends the traffic to the local network instead of into the tunnel.

Setting Local and Remote IP Address Conflict Resolution to The Remote Network disables the checking for local network IP addresses.

14.17.1.2 IP Alias

You could have an IP alias network that overlaps with the VPN remote network (see Figure 214). For example, you have an IP alias network M (10.1.2.0/24) in ZyWALL X’s LAN. For the VPN rule, you configure the VPN network as follows.

Local IP address start: 192.168.1.1, end: 192.168.1.254

Remote IP address start: 10.1.2.240, end: 10.1.2.254

IP addresses 10.1.2.240 to 10.1.2.254 overlap.
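The following added example (not ZyWALL firmware code; the function names, the “any” constant and the “local”/“tunnel”/“no-match” labels are my own) models both cases above: the Local and Remote IP Address Conflict Resolution check for the dynamic rule in 14.17.1.1, and detection of the IP alias overlap in 14.17.1.2, using the guide’s own addresses.

```python
import ipaddress

ANY = "0.0.0.0"  # the guide's notation for an "any" remote network

def to_range(spec):
    """Normalise a CIDR string, a (start, end) tuple or ANY to (first, last)."""
    if spec == ANY:
        return (ipaddress.IPv4Address("0.0.0.0"),
                ipaddress.IPv4Address("255.255.255.255"))
    if isinstance(spec, tuple):
        start, end = (ipaddress.IPv4Address(a) for a in spec)
        if start > end:
            raise ValueError("range start must not be above range end")
        return (start, end)
    net = ipaddress.IPv4Network(spec, strict=False)
    return (net.network_address, net.broadcast_address)

def in_range(addr, rng):
    return rng[0] <= addr <= rng[1]

def overlap_range(a, b):
    """Intersection of two (first, last) ranges, or None when disjoint."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def route_from_local(dst, local, remote, conflict_resolution="local"):
    """Where a packet sent from the local VPN network ends up.

    conflict_resolution mirrors the 'Local and Remote IP Address Conflict
    Resolution' setting: 'local' checks the destination against the local
    network before tunnelling, 'remote' skips that check.
    Returns 'local' (stays on the LAN), 'tunnel' (IPSec) or 'no-match'.
    """
    dst = ipaddress.IPv4Address(dst)
    local_r, remote_r = to_range(local), to_range(remote)
    if not in_range(dst, remote_r):
        return "no-match"
    if conflict_resolution == "local" and in_range(dst, local_r):
        return "local"
    return "tunnel"

def lan_vpn_conflicts(remote, lan_networks):
    """Report (lan_network, first, last) overlaps for the IP alias case."""
    remote_r = to_range(remote)
    found = []
    for lan in lan_networks:
        hit = overlap_range(to_range(lan), remote_r)
        if hit:
            found.append((lan, str(hit[0]), str(hit[1])))
    return found
```

With the 192.168.1.0/24 to "any" rule, a packet to 192.168.1.9 stays on the LAN only under the Local Network setting; with the alias network M the conflict report returns the 10.1.2.240 to 10.1.2.254 range the guide names.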


339

ZyWALL 2WG User’s Guide