Chapter 14 IPSec VPN

Table 96 Telecommuters Using Unique VPN Rules Example

TELECOMMUTERS                              HEADQUARTERS
Telecommuter C (telecommuterc.dydns.org)   Headquarters ZyWALL Rule 3:
Local ID Type: E-mail                      Peer ID Type: E-mail
Local ID Content: myVPN@myplace.com        Peer ID Content: myVPN@myplace.com
Local IP Address: 192.168.4.15             Remote Gateway Address: telecommuterc.dydns.org
                                           Remote Address: 192.168.4.15

14.19 VPN and Remote Management

You can allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to manage the ZyWALL. One of the ZyWALL’s ports must be part of the VPN rule’s local network. This can be the ZyWALL’s LAN port if you do not want to allow remote management on the WAN port. You also have to configure remote management (REMOTE MGMT) to allow management access for the service through the specific port.

In the following example, the VPN rule’s local network (A) includes the ZyWALL’s LAN IP address of 192.168.1.7. Someone in the remote network (B) can use a service (like HTTP for example) through the VPN tunnel to access the ZyWALL’s LAN interface. Remote management must also be configured to allow HTTP access on the ZyWALL’s LAN interface.

Figure 218 VPN for Remote Management Example
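The two prerequisites described above (a ZyWALL interface inside the VPN rule's local network, and remote management permitting the service on that interface) can be checked programmatically. The following Python script is an added example written for this guide's discussion; it is not ZyWALL firmware code or a ZyWALL API. The rule, interface and remote-management tables are constructed sample data; 192.168.1.7 is the LAN address from the example, the WAN address and the remote network are assumed.

```python
import ipaddress

# Constructed sample data (not a ZyWALL configuration export).
# Interface name -> IP address. 192.168.1.7 is the LAN IP from the text;
# the WAN address is an assumed documentation address.
ZYWALL_INTERFACES = {"LAN": "192.168.1.7", "WAN": "203.0.113.10"}

# VPN rules: the local network (A) and the remote network (B).
VPN_RULES = {
    "hq-to-remote": {"local_network": "192.168.1.0/24", "remote_network": "10.0.2.0/24"},
    # A rule whose local network does not contain any ZyWALL interface.
    "servers-only": {"local_network": "192.168.5.0/24", "remote_network": "10.0.2.0/24"},
}

# REMOTE MGMT policy: service -> set of interfaces on which access is allowed.
REMOTE_MGMT = {
    "HTTP": {"LAN"},
    "TELNET": set(),
}


def interfaces_in_local_network(rule, interfaces=ZYWALL_INTERFACES):
    """Return the names of ZyWALL interfaces whose IP lies inside the rule's local network."""
    net = ipaddress.ip_network(rule["local_network"], strict=False)
    return {name for name, ip in interfaces.items() if ipaddress.ip_address(ip) in net}


def management_via_vpn(rule_name, service, rules=VPN_RULES,
                       remote_mgmt=REMOTE_MGMT, interfaces=ZYWALL_INTERFACES):
    """Return sorted (interface, ip) pairs through which `service` can manage the
    ZyWALL over the named tunnel: interfaces that are both inside the rule's local
    network AND permitted for the service by the remote management policy."""
    rule = rules[rule_name]
    reachable = interfaces_in_local_network(rule, interfaces)
    allowed = remote_mgmt.get(service.upper(), set())
    return sorted((name, interfaces[name]) for name in reachable & allowed)


def diagnose(rule_name, service, rules=VPN_RULES,
             remote_mgmt=REMOTE_MGMT, interfaces=ZYWALL_INTERFACES):
    """Explain why management over the tunnel fails, or confirm that it works."""
    reachable = interfaces_in_local_network(rules[rule_name], interfaces)
    allowed = remote_mgmt.get(service.upper(), set())
    if not reachable:
        return "no ZyWALL interface is inside the VPN rule's local network"
    if not (reachable & allowed):
        return f"{service.upper()} is not permitted on {sorted(reachable)} in REMOTE MGMT"
    return f"{service.upper()} management reachable via {sorted(reachable & allowed)}"


if __name__ == "__main__":
    for rule_name in VPN_RULES:
        for service in ("HTTP", "Telnet"):
            print(f"{rule_name:14} {service:6} -> {diagnose(rule_name, service)}")
```

The check deliberately treats the two conditions separately so that the diagnostic tells an administrator which one is missing; in the text's scenario, HTTP on the LAN interface passes both, while Telnet fails only because REMOTE MGMT does not permit it.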

14.20 Hub-and-spoke VPN

Hub-and-spoke VPN connects VPN tunnels to form one secure network.

Figure 219 on page 345 shows some example network topologies. In the first (fully-meshed) approach, there is a VPN connection between every pair of routers. In the second (hub-and-spoke) approach, there is a VPN connection between each spoke router (B, C, D, and E) and the hub router (A). The hub router routes VPN traffic between the spoke routers and itself.
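The difference between the two topologies is easiest to see by enumerating the tunnels each requires and the path spoke-to-spoke traffic takes. The Python below is an added example for this section, not ZyWALL code; the router names A to E are the ones used in the text, and the path logic simply follows the rule that a spoke has a tunnel only to the hub.

```python
from itertools import combinations

# Router names from the text: A is the hub, B-E are the spokes.
HUB = "A"
SPOKES = ["B", "C", "D", "E"]
ROUTERS = [HUB] + SPOKES


def full_mesh_tunnels(routers):
    """Fully-meshed: one VPN tunnel between every pair of routers, n(n-1)/2 in total."""
    return [tuple(pair) for pair in combinations(routers, 2)]


def hub_and_spoke_tunnels(hub, spokes):
    """Hub-and-spoke: one VPN tunnel between each spoke and the hub, n-1 in total."""
    return [(hub, spoke) for spoke in spokes]


def hub_and_spoke_path(hub, spokes, src, dst):
    """Routers a packet traverses. Spoke-to-spoke traffic must be relayed by the hub,
    because the only tunnel a spoke has terminates at the hub."""
    members = {hub, *spokes}
    if src not in members or dst not in members:
        raise ValueError(f"unknown router in {src!r} -> {dst!r}")
    if src == dst:
        return [src]
    if hub in (src, dst):
        return [src, dst]           # direct tunnel exists
    return [src, hub, dst]          # relayed through the hub


def tunnels_per_router(tunnels):
    """How many tunnels each router must terminate (the configuration burden per device)."""
    counts = {}
    for a, b in tunnels:
        counts[a] = counts.get(a, 0) + 1
        counts[b] = counts.get(b, 0) + 1
    return counts


if __name__ == "__main__":
    mesh = full_mesh_tunnels(ROUTERS)
    hs = hub_and_spoke_tunnels(HUB, SPOKES)
    print(f"fully meshed : {len(mesh)} tunnels, per router {tunnels_per_router(mesh)}")
    print(f"hub-and-spoke: {len(hs)} tunnels, per router {tunnels_per_router(hs)}")
    print("B -> D via hub-and-spoke:", " -> ".join(hub_and_spoke_path(HUB, SPOKES, "B", "D")))
```

With five routers the mesh needs ten tunnels (four on every device) while hub-and-spoke needs four, all of them on A. The price is that every spoke-to-spoke packet is decrypted and re-encrypted at the hub, so the hub carries the aggregate traffic and is the single point of failure for the whole network.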

344

ZyWALL 2WG User’s Guide