ZyXEL Communications 5 Series User Manual

 Chapter 5 Tutorials
ZyWALL 5/35/70 Series User’s Guide
When you can ping IP address 10.0.0.2 from the computer with IP address 192.168.167.2 
behind ZyWALL B, you know the VPN tunnel works. 
5.1.5  Using the Dynamic VPN Rule for More VPN Tunnels
Other remote users (like sales people and telecommuters) using IPSec routers with dynamic 
WAN IP addresses can also use the same gateway and network policy on ZyWALL A. The 
gateway policies you configure on the remote IPSec routers differ by user name and password. 
The network policies on the remote IPSec routers differ by the IP address of the computer 
behind the remote IPSec router. Even though all of the remote IPSec routers use the same 
gateway policy and network policy on ZyWALL A, ZyWALL A builds a different VPN 
tunnel for each remote IPSec router. See 
 to display VPN tunnels.
Figure 52   Additional Dynamic VPN Rules Example
• Create a unique user name and password for each remote IPSec router in ZyWALL A’s 
local user database (or on a RADIUS server that ZyWALL A is configured to use).
• Configure a gateway policy on each remote IPSec router. Use the same MyZyWALL and 
Primary Remote Gateway address and Pre-Shared Key settings on all of the remote 
IPSec routers, but a different user name and password for each.
• Configure a different network policy for each remote IPSec router. Make sure the IP 
addresses of the computers (behind the remote IPSec routers) that can trigger the dynamic 
rule VPN tunnels do not overlap with each other. For example, computers Y, Z, and L all 
use different private IP addresses. You can also use virtual address mapping (NAT over 
IPSec) to avoid an overlap (see 
).
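One way to check the first and third bullets before adding more remote IPSec routers, as an added example that is not part of the ZyXEL manual: it flags reused user names and overlapping local addresses across the remote routers' policies. The user names, the assignment of 192.168.167.33 and 192.168.167.34 to routers C and D, and the `BAD` plan are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def parse_range(text):
    """Parse a single IP, the manual's 'start~end' range notation, or CIDR into (first, last)."""
    text = text.strip()
    if "~" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("~", 1))
    elif "/" in text:
        net = ipaddress.IPv4Network(text, strict=False)
        lo, hi = net[0], net[-1]
    else:
        lo = hi = ipaddress.IPv4Address(text)
    if lo > hi:
        raise ValueError(f"range start is after range end: {text}")
    return lo, hi

def audit_policies(policies):
    """Return findings: user names shared by two routers, and overlapping local ranges."""
    findings = []
    seen_users = {}
    for p in policies:
        if p["user"] in seen_users:
            findings.append(("duplicate-user", seen_users[p["user"]], p["router"]))
        else:
            seen_users[p["user"]] = p["router"]
    ranges = [(p["router"], parse_range(p["local"])) for p in policies]
    for (ra, (alo, ahi)), (rb, (blo, bhi)) in combinations(ranges, 2):
        # Two inclusive ranges overlap when each one starts before the other ends.
        if alo <= bhi and blo <= ahi:
            findings.append(("overlap", ra, rb))
    return findings

# Constructed plan: one entry per remote IPSec router (user names are hypothetical).
GOOD = [
    {"router": "B", "user": "user-b", "local": "192.168.167.2"},
    {"router": "C", "user": "user-c", "local": "192.168.167.33"},
    {"router": "D", "user": "user-d", "local": "192.168.167.34"},
]
# Constructed mistake: router D reuses C's user name and covers C's address.
BAD = GOOD[:2] + [{"router": "D", "user": "user-c", "local": "192.168.167.32/30"}]

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_policies(plan) or "no conflicts")
```

An overlap finding means either renumbering one site or using virtual address mapping (NAT over IPSec), as the last bullet notes.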
5.2  Security Settings for VPN Traffic
The ZyWALL can apply the firewall, IDP, anti-virus, anti-spam and content filtering to the 
traffic going to or from the ZyWALL’s VPN tunnels. The ZyWALL applies the security 
settings to the traffic before encrypting VPN traffic that it sends out or after decrypting 
received VPN traffic.
[Figure 52 diagram labels: X, 10.0.0.2~10.0.0.64, A, 1.2.3.4; B, 0.0.0.0, Y, 192.168.167.2; C, 0.0.0.0, Z, 192.168.167.33; D, 0.0.0.0, L, 192.168.167.34]