Chapter 6 Tutorials

Figure 64 Network > Routing > Policy Route > Add

Because the new VPN connection has not been assigned to a zone yet, there are no restrictions (for example, firewall) on traffic to or from this VPN connection. You should set up the VPN settings on the remote IPSec router and try to establish the VPN tunnel before continuing.

6.2.5 Set up the Zone for the VPN Tunnel

The new VPN connection has not been assigned to a zone yet. In this example, you want to set up different security policies for VPN tunnels than you do for the default LAN, DMZ, and WAN zones, so create a new zone called VPN.

1 Click Network > Zone. Click the Add icon.

2 Give the zone a name (“VPN”), and add the VPN tunnel to it. Select IPSEC/VPN_CONN_EXAMPLE and click the right arrow to add it to the Member list. Click OK.

Figure 65 Network > Zone > Add

By default, there are no security restrictions on the new zone, so, next, you should set up security policies (firewall rules, IDP, and so on) accordingly. Make sure all the firewalls between the ZyWALL and remote IPSec router allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). You did not enable NAT traversal, so you do not have to configure the firewalls to allow UDP port 4500.
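The port and protocol requirements above can be checked against an in-path firewall's rule list before you test the tunnel. The following Python check is an added example, not part of the ZyWALL guide: the rule format, first-match semantics, peer addresses (documentation ranges) and function names are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: two IPSec peers and an in-path firewall's
# rule list, evaluated first-match-wins. Not values from the guide.
PEER_A, PEER_B = "198.51.100.7", "203.0.113.10"
RULES = [
    {"action": "allow", "proto": "udp", "dport": 500,
     "src": "198.51.100.0/24", "dst": "203.0.113.10/32"},
    {"action": "allow", "proto": "udp", "dport": 500,
     "src": "203.0.113.10/32", "dst": "198.51.100.0/24"},
    {"action": "allow", "proto": 50, "dport": None,
     "src": "198.51.100.0/24", "dst": "203.0.113.10/32"},
    {"action": "deny", "proto": "any", "dport": None,
     "src": "0.0.0.0/0", "dst": "0.0.0.0/0"},
]

def verdict(rules, proto, dport, src, dst):
    """Return the action of the first matching rule (implicit deny)."""
    for r in rules:
        proto_ok = r["proto"] in ("any", proto)
        port_ok = r["dport"] in (None, dport)  # None means any port
        addr_ok = (ip_address(src) in ip_network(r["src"])
                   and ip_address(dst) in ip_network(r["dst"]))
        if proto_ok and port_ok and addr_ok:
            return r["action"]
    return "deny"

def ipsec_gaps(rules, peer_a, peer_b, ip_protos=(50,), nat_traversal=False):
    """List the flows the tunnel needs that the rule list blocks.

    Both directions are checked because either peer may initiate.
    ip_protos is the IP protocol number(s) the tunnel uses (50 or 51);
    UDP 4500 is only required when NAT traversal is enabled.
    """
    needed = [("udp", 500)] + [(p, None) for p in ip_protos]
    if nat_traversal:
        needed.append(("udp", 4500))
    gaps = []
    for src, dst in ((peer_a, peer_b), (peer_b, peer_a)):
        for proto, dport in needed:
            if verdict(rules, proto, dport, src, dst) != "allow":
                gaps.append((src, dst, proto, dport))
    return gaps

if __name__ == "__main__":
    for gap in ipsec_gaps(RULES, PEER_A, PEER_B):
        print("blocked:", gap)
```

With the sample rules, the only gap is IP protocol 50 in the return direction; turning on `nat_traversal` adds UDP 4500 in both directions.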

 


ZyWALL USG 1000 User’s Guide