ZyXEL Communications unified security gateway User Manual
Chapter 7 Tutorials
ZyWALL USG 20/20W User’s Guide
119
4
Enable the VPN connection and name it (“VPN_CONN_EXAMPLE”). Under VPN
Gateway
Gateway
select Site-to-site and the VPN gateway (VPN_GW_EXAMPLE).
Under Policy, select LAN1_SUBNET for the local network and
VPN_REMOTE_SUBNET
VPN_REMOTE_SUBNET
for the remote. Click OK.
Figure 69 Configuration > VPN > IPSec VPN > VPN Connection > Add
5
Now set up the VPN settings on the peer IPSec router and try to establish the VPN
tunnel. To trigger the VPN, either try to connect to a device on the peer IPSec
router’s LAN or click Configuration > VPN > IPSec VPN > VPN Connection
and use the VPN connection screen’s Connect icon.
tunnel. To trigger the VPN, either try to connect to a device on the peer IPSec
router’s LAN or click Configuration > VPN > IPSec VPN > VPN Connection
and use the VPN connection screen’s Connect icon.
7.4.3 Configure Security Policies for the VPN Tunnel
You configure security policies based on zones. The new VPN connection was
assigned to the IPSec_VPN zone. By default, there are no security restrictions on
the IPSec_VPN zone, so, next, you should set up security policies (firewall rules
and so on) that apply to the IPSec_VPN zone. Make sure all firewalls between the
ZyWALL and remote IPSec router allow UDP port 500 (IKE) and IP protocol 50
(AH) or 51 (ESP). If you enable NAT traversal, all firewalls between the ZyWALL
and remote IPSec router should also allow UDP port 4500.
assigned to the IPSec_VPN zone. By default, there are no security restrictions on
the IPSec_VPN zone, so, next, you should set up security policies (firewall rules
and so on) that apply to the IPSec_VPN zone. Make sure all firewalls between the
ZyWALL and remote IPSec router allow UDP port 500 (IKE) and IP protocol 50
(AH) or 51 (ESP). If you enable NAT traversal, all firewalls between the ZyWALL
and remote IPSec router should also allow UDP port 4500.