Chapter 7 Tutorials

My Address: 10.0.0.1

Peer Gateway Address: 10.0.0.2

VPN Connection (VPN Tunnel 1):

Local Policy: 192.168.168.0~192.168.169.255

Remote Policy: 192.168.167.0/255.255.255.0

Disable Policy Enforcement

VPN Gateway (VPN Tunnel 2):

My Address: 10.0.0.1

Peer Gateway Address: 10.0.0.3

VPN Connection (VPN Tunnel 2):

Local Policy: 192.168.167.0~192.168.168.255

Remote Policy: 192.168.169.0/255.255.255.0

Disable Policy Enforcement

Branch Office B (ZyWALL USG):

VPN Gateway:

My Address: 10.0.0.3

Peer Gateway Address: 10.0.0.1

VPN Connection:

Local Policy: 192.168.169.0/255.255.255.0

Remote Policy: 192.168.167.0~192.168.168.255

Disable Policy Enforcement

7.5.0.1 Hub-and-spoke VPN Requirements and Suggestions

Consider the following when implementing a hub-and-spoke VPN.

This example uses a wide range for the ZyNOS-based ZyWALL’s remote network. To use a narrower range, see Section 25.4.1 on page 465 for an example of configuring a VPN concentrator.

The local IP addresses configured in the VPN rules should not overlap.

The hub router must have at least one separate VPN rule for each spoke. In the local policy, specify the IP addresses of the hub-and-spoke networks with which the spoke is to be able to have a VPN tunnel. This may require you to use more than one VPN rule.
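The following check is an added example, not part of the ZyWALL guide: it parses the two policy notations used above and tests the hub's rules against the requirements in this section. The function names are hypothetical, and it assumes that every spoke should reach every other spoke and that the non-overlap requirement applies to the networks behind the spokes.

```python
import ipaddress

def parse_policy(text):
    """Return (first, last) address for 'a~b' or 'network/netmask' notation."""
    if "~" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("~"))
        if lo > hi:
            raise ValueError(f"range start is after range end: {text}")
        return lo, hi
    net = ipaddress.IPv4Network(text.strip())  # rejects host bits set in the network
    return net.network_address, net.broadcast_address

def overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def covers(outer, inner):
    return outer[0] <= inner[0] and inner[1] <= outer[1]

def check_hub(tunnels):
    """tunnels: {name: (local_policy, remote_policy)} as configured on the hub."""
    parsed = {n: (parse_policy(l), parse_policy(r)) for n, (l, r) in tunnels.items()}
    problems = []
    for name, (local, remote) in parsed.items():
        if overlaps(local, remote):
            problems.append(f"{name}: local policy overlaps its own remote policy")
        for other, (_, other_remote) in parsed.items():
            if other == name:
                continue
            if name < other and overlaps(remote, other_remote):
                problems.append(f"{name}/{other}: spoke networks overlap")
            if not covers(local, other_remote):  # assumption: full spoke-to-spoke reach
                problems.append(f"{name}: local policy does not cover spoke behind {other}")
    return problems

def mirrors(hub_tunnel, spoke):
    """True when the spoke's local/remote equal the hub tunnel's remote/local."""
    return (parse_policy(hub_tunnel[0]) == parse_policy(spoke[1])
            and parse_policy(hub_tunnel[1]) == parse_policy(spoke[0]))

# Hub policies as listed in this tutorial: name -> (local, remote).
HUB = {
    "VPN Tunnel 1": ("192.168.168.0~192.168.169.255", "192.168.167.0/255.255.255.0"),
    "VPN Tunnel 2": ("192.168.167.0~192.168.168.255", "192.168.169.0/255.255.255.0"),
}
BRANCH_B = ("192.168.169.0/255.255.255.0", "192.168.167.0~192.168.168.255")  # (local, remote)

if __name__ == "__main__":
    print(check_hub(HUB) or "hub policies consistent")
    print("Branch B mirrors VPN Tunnel 2:", mirrors(HUB["VPN Tunnel 2"], BRANCH_B))
```

Because policy enforcement is disabled in these rules, a check like this is a review aid for the configured address ranges, not something the device performs.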


ZyWALL USG 2000 User’s Guide