ZyXEL Communications 2 Plus User Manual

Chapter 14 IPSec VPN
ZyWALL 2 Plus User’s Guide
14.17.3  Hub-and-spoke VPN Requirements and Suggestions
Consider the following when implementing a hub-and-spoke VPN.
The local IP addresses configured in the VPN rules cannot overlap.
The hub router must have at least one separate VPN rule for each spoke. In the local IP 
address, specify the IP addresses of the hub-and-spoke networks with which the spoke is to be 
able to have a VPN tunnel. This may require you to use more than one VPN rule. 
If you want to have the spoke routers access the Internet through the hub-and-spoke VPN 
tunnel, set the VPN rules in the spoke routers to use 0.0.0.0 (any) as the remote IP address. 
Make sure that your From VPN and To VPN firewall rules do not block the VPN packets.
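
The following planning check is an added example, not taken from the ZyXEL manual. It verifies that no local networks overlap and lists the hub rules each spoke needs. It assumes that the overlap requirement applies to the LAN networks of the hub and spokes and that one rule's local address is a single subnet; the site names, subnets and function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan; site names and subnets are illustrative only.
SITES = {
    "hub": "192.168.168.0/24",
    "spoke_a": "192.168.167.0/24",
    "spoke_b": "192.168.169.0/24",
    "spoke_c": "10.20.0.0/24",
}

def _nets(sites):
    return {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}

def find_overlaps(sites):
    """Return name pairs whose local networks overlap (must be empty)."""
    nets = _nets(sites)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def reachable_from(sites, spoke):
    """Networks a spoke should reach, merged into as few subnets as possible."""
    others = [net for name, net in _nets(sites).items() if name != spoke]
    return [str(n) for n in ipaddress.collapse_addresses(others)]

def hub_rules(sites, hub="hub"):
    """One hub rule per (spoke, local subnet). Assumption: a rule's local
    address is a single subnet, so non-adjacent networks need extra rules."""
    overlaps = find_overlaps(sites)
    if overlaps:
        raise ValueError(f"overlapping local networks: {overlaps}")
    return [{"peer": spoke, "local": local, "remote": sites[spoke]}
            for spoke in sorted(sites) if spoke != hub
            for local in reachable_from(sites, spoke)]

def spoke_remote(sites, spoke, internet_via_hub):
    """Remote address(es) for the spoke's own rule(s) toward the hub."""
    return ["0.0.0.0"] if internet_via_hub else reachable_from(sites, spoke)

if __name__ == "__main__":
    for rule in hub_rules(SITES):
        print(rule)
    print("spoke_a remote:", spoke_remote(SITES, "spoke_a", internet_via_hub=True))
```

With this sample plan, spoke_b needs three hub rules because 192.168.167.0/24 and 192.168.168.0/24 cannot be merged into one aligned subnet.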