ZyXEL Communications 1000 User Manual

Chapter 7 Tutorials
ZyWALL USG 1000 User’s Guide
4  Enable the VPN connection and name it (“VPN_CONN_EXAMPLE”). Under VPN Gateway,
select Site-to-site and the VPN gateway (VPN_GW_EXAMPLE).
Under Policy, select LAN_SUBNET for the local network and
VPN_REMOTE_SUBNET for the remote. Click OK.
Figure 82   Configuration > VPN > IPSec VPN > VPN Connection > Add    
5  Now set up the VPN settings on the peer IPSec router and try to establish the VPN
tunnel. To trigger the VPN, either try to connect to a device on the peer IPSec
router’s LAN or click Configuration > VPN > IPSec VPN > VPN Connection
and use the VPN connection screen’s Connect icon.
7.4.3  Configure Security Policies for the VPN Tunnel
You configure security policies based on zones. Assign the new VPN connection to 
a zone to be able to apply security policies (firewall rules, IDP, and so on) to the 
VPN connection. Make sure all firewalls between the ZyWALL and remote IPSec 
router allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). If you enable 
NAT traversal, all firewalls between the ZyWALL and remote IPSec router should 
also allow UDP port 4500.