Chapter 25 IPSec VPN

The local IP addresses configured in the VPN rules should not overlap.

The concentrator must have at least one separate VPN rule for each spoke. In the local policy, specify the IP addresses of the networks with which the spoke is to be able to have a VPN tunnel. This may require you to use more than one VPN rule for each spoke.

To have all Internet access from the spoke routers go through the VPN tunnel, set the VPN rules in the spoke routers to use 0.0.0.0 (any) as the remote IP address.

Your firewall rules can still block VPN packets.

If the concentrator's VPN tunnels on a USG ZyWALL are members of a single zone, make sure that zone is not set to block intra-zone traffic.
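As an added example (not from the ZyWALL guide), the following Python script checks a hub-and-spoke rule set against the three requirements above: local policies must not overlap, the concentrator must have a rule reaching each spoke, and a spoke rule with remote address 0.0.0.0 sends all traffic through the tunnel. The rule names, spoke names and address ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample hub-and-spoke configuration. The rule names, spoke names
# and address ranges are made up for illustration; they are not from the guide.
CONCENTRATOR_RULES = [
    # (rule name, local policy on the concentrator, remote policy = spoke network)
    ("hub_to_spokeA", "192.168.10.0/24", "10.1.0.0/16"),
    ("hub_to_spokeB", "192.168.20.0/24", "10.2.0.0/16"),
]
SPOKES = {"spokeA": "10.1.0.0/16", "spokeB": "10.2.0.0/16"}


def _net(policy):
    """Parse a policy address; a bare 0.0.0.0 means 'any', i.e. 0.0.0.0/0."""
    if policy in ("0.0.0.0", "any"):
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(policy, strict=False)


def overlapping_local_policies(rules):
    """Return (name, name) pairs of rules whose local policies overlap.
    Local IP addresses configured in different VPN rules must not overlap."""
    nets = [(name, _net(local)) for name, local, _remote in rules]
    clashes = []
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            if nets[i][1].overlaps(nets[j][1]):
                clashes.append((nets[i][0], nets[j][0]))
    return clashes


def spokes_without_rule(rules, spokes):
    """Return spokes whose network is not covered by any rule's remote policy.
    The concentrator needs at least one separate VPN rule per spoke."""
    remotes = [_net(remote) for _name, _local, remote in rules]
    return [
        spoke for spoke, net in spokes.items()
        if not any(_net(net).subnet_of(r) for r in remotes)
    ]


def routes_all_traffic(remote_policy):
    """True when a spoke rule's remote policy is 0.0.0.0 (any), which sends
    all of the spoke's Internet access through the VPN tunnel."""
    return _net(remote_policy) == ipaddress.ip_network("0.0.0.0/0")


if __name__ == "__main__":
    print("overlapping local policies:", overlapping_local_policies(CONCENTRATOR_RULES))
    print("spokes without a rule:", spokes_without_rule(CONCENTRATOR_RULES, SPOKES))
    print("remote 0.0.0.0 routes all traffic:", routes_all_traffic("0.0.0.0"))
```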

25.4.2 VPN Concentrator Screen

The VPN Concentrator summary screen displays the VPN concentrators in the ZyWALL. To access this screen, click Configuration > VPN > IPSec VPN > Concentrator. The following screen appears.

Figure 335 Configuration > VPN > IPSec VPN > Concentrator

Each field is discussed in the following table. See Section 25.4.3 on page 468 for more information.

Table 122 Configuration > VPN > IPSec VPN > Concentrator

LABEL          DESCRIPTION
Add            Click this to create a new entry.
Edit           Select an entry and click this to be able to modify it.
Remove         Select an entry and click this to delete it.
#              This field is a sequential value, and it is not associated with a specific concentrator.
Name           This field displays the name of the VPN concentrator.
Group Members  These are the VPN connection policies that are part of the VPN concentrator.

25.4.3 The VPN Concentrator Add/Edit Screen

The VPN Concentrator Add/Edit screen allows you to create a new VPN concentrator or edit an existing one. To access this screen, go to the VPN

468


ZyWALL USG 2000 User’s Guide