ZyXEL Communications 1000 Benutzerhandbuch
Chapter 25 IPSec VPN
ZyWALL USG 1000 User’s Guide
466
• Branch office A’s ZyWALL uses one VPN rule to access both the headquarters
(HQ) network and branch office B’s network.
• Branch office B’s ZyWALL uses one VPN rule to access branch office A’s network
only. Branch office B is not permitted to access the headquarters network.
Figure 334 IPSec VPN Concentrator Example
This IPSec VPN concentrator example uses the following settings.
Branch Office A (ZyNOS-based ZyWALL):
VPN Gateway (VPN Tunnel 1):
• My Address: 10.0.0.2
• Peer Gateway Address: 10.0.0.1
• Peer Gateway Address: 10.0.0.1
VPN Connection (VPN Tunnel 1):
• Local Policy:192.168.11.0/255.255.255.0
• Remote Policy: 192.168.1.0/255.255.255.0
• Disable Policy Enforcement
• Remote Policy: 192.168.1.0/255.255.255.0
• Disable Policy Enforcement
Policy Route
• Source: 192.168.11.0
• Destination: 192.168.12.0
• Next Hop: VPN Tunnel 1
• Destination: 192.168.12.0
• Next Hop: VPN Tunnel 1
Headquarters (ZyWALL USG):
VPN Gateway (VPN Tunnel 1):
• My Address: 10.0.0.1
• Peer Gateway Address: 10.0.0.2
• Peer Gateway Address: 10.0.0.2