ZyXEL Communications 2 Plus User Manual

Chapter 11 Firewall
ZyWALL 2 Plus User’s Guide
11.3.3  From VPN To VPN Packet Direction 
From VPN To VPN firewall rules apply to traffic that comes in through one of the 
ZyWALL’s VPN tunnels and terminates at the ZyWALL (like for remote management) or 
goes out through another of the ZyWALL’s VPN tunnels (this is called hub-and-spoke VPN, 
see 
 for details). The ZyWALL decrypts the traffic and applies the 
firewall rules before re-encrypting it or allowing the traffic to terminate at the ZyWALL. 
In the following example, the From VPN To VPN default firewall rule silently blocks the 
traffic that the ZyWALL receives from any VPN tunnel (either A or B) that is destined for the 
other VPN tunnel or the ZyWALL itself. VPN traffic destined for the DMZ is allowed 
through.
Figure 130   From VPN to VPN Example 
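The following Python model of this example's direction classification and default rules is an added illustration, not ZyXEL code or device configuration. The subnets, the device address, the zone names and the function names are assumptions constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: networks behind two tunnels, a DMZ, and the device itself.
ZONES = {
    "VPN-A": ip_network("10.1.0.0/24"),
    "VPN-B": ip_network("10.2.0.0/24"),
    "DMZ": ip_network("192.168.50.0/24"),
}
DEVICE_ADDR = ip_address("192.168.1.1")  # hypothetical management address

# Default rule per packet direction, as in the manual's example.
DEFAULT_RULES = {
    ("VPN", "VPN"): "drop",    # "silently blocks" in the manual's wording
    ("VPN", "DMZ"): "permit",
}

def zone_of(addr):
    """Return the zone name for an address, or None if it is in no known zone."""
    a = ip_address(addr)
    if a == DEVICE_ADDR:
        return "DEVICE"
    return next((zone for zone, net in ZONES.items() if a in net), None)

def direction(src, dst):
    """Classify a decrypted packet that arrived through a VPN tunnel."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or not src_zone.startswith("VPN"):
        raise ValueError("source is not behind a VPN tunnel")
    # Traffic that terminates at the device and traffic relayed into
    # another tunnel (hub-and-spoke) both count as From VPN To VPN.
    if dst_zone == "DEVICE" or (dst_zone or "").startswith("VPN"):
        return ("VPN", "VPN")
    return ("VPN", dst_zone)

def decide(src, dst):
    """Apply the default rule for the packet's direction."""
    d = direction(src, dst)
    if d not in DEFAULT_RULES:
        raise ValueError(f"no default rule modeled for {d}")
    return DEFAULT_RULES[d]

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("10.1.0.5", "10.2.0.9"),       # tunnel A to tunnel B
        ("10.2.0.9", "192.168.1.1"),    # tunnel B to the device
        ("10.1.0.5", "192.168.50.10"),  # tunnel A to the DMZ
    ]
    for src, dst in flows:
        print(src, "->", dst, direction(src, dst), decide(src, dst))
```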
You would configure the SECURITY > FIREWALL > Default Rule screen as follows.