ZyXEL Communications USG 2000 manual 466

Chapter 25 IPSec VPN

•Branch office A’s ZyWALL uses one VPN rule to access both the headquarters (HQ) network and branch office B’s network.

•Branch office B’s ZyWALL uses one VPN rule to access branch office A’s network only. Branch office B is not permitted to access the headquarters network.

Figure 334 IPSec VPN Concentrator Example

This IPSec VPN concentrator example uses the following settings.

Branch Office A (ZyNOS-based ZyWALL):

VPN Gateway (VPN Tunnel 1):

•My Address: 10.0.0.2

•Peer Gateway Address: 10.0.0.1

VPN Connection (VPN Tunnel 1):

•Local Policy:192.168.11.0/255.255.255.0

•Remote Policy: 192.168.1.0/255.255.255.0

•Disable Policy Enforcement

Policy Route

•Source: 192.168.11.0

•Destination: 192.168.12.0

•Next Hop: VPN Tunnel 1

Headquarters (ZyWALL USG):

VPN Gateway (VPN Tunnel 1):

•My Address: 10.0.0.1

•Peer Gateway Address: 10.0.0.2