Chapter 25 IPSec VPN

VPN Connection (VPN Tunnel 1):

Local Policy: 192.168.1.0/255.255.255.0

Remote Policy: 192.168.11.0/255.255.255.0

Disable Policy Enforcement

VPN Gateway (VPN Tunnel 2):

My Address: 10.0.0.1

Peer Gateway Address: 10.0.0.3

VPN Connection (VPN Tunnel 2):

Local Policy: 192.168.1.0/255.255.255.0

Remote Policy: 192.168.12.0/255.255.255.0

Disable Policy Enforcement

Concentrator

Add VPN tunnel 1 and VPN tunnel 2 to an IPSec VPN concentrator.

Firewall

Block traffic from VPN tunnel 2 from accessing the LAN.

Branch Office B (ZyWALL USG):

VPN Gateway (VPN Tunnel 2):

My Address: 10.0.0.3

Peer Gateway Address: 10.0.0.1

VPN Connection (VPN Tunnel 2):

Local Policy: 192.168.12.0/255.255.255.0

Remote Policy: 192.168.1.0/255.255.255.0

Disable Policy Enforcement

Policy Route

Source: 192.168.12.0

Destination: 192.168.11.0

Next Hop: VPN Tunnel 2

25.4.1.1 VPN Concentrator Requirements and Suggestions

Consider the following when using the VPN concentrator.

 


ZyWALL USG 2000 User’s Guide