ZyXEL Communications 5 Series User Manual

 Chapter 19 IPSec VPN
ZyWALL 5/35/70 Series User’s Guide
19.12  VPN and Remote Management
You can allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to 
manage the ZyWALL. One of the ZyWALL’s ports must be part of the VPN rule’s local 
network. This can be the ZyWALL’s LAN port if you do not want to allow remote 
management on the WAN port. You also have to configure remote management (REMOTE MGMT) 
to allow management access for the service through the specific port. 
In the following example, the VPN rule’s local network (A) includes the ZyWALL’s LAN IP 
address of 192.168.1.7. Someone in the remote network (B) can use a service (like HTTP for 
example) through the VPN tunnel to access the ZyWALL’s LAN interface. Remote 
management must also be configured to allow HTTP access on the ZyWALL’s LAN interface.
Figure 222   VPN for Remote Management Example
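The two conditions above (the ZyWALL port's IP address falls inside the VPN rule's local network, and remote management allows the service on that port) can be checked together. The following is an added example, not part of the original guide or ZyXEL's software; the dictionary layout, the /24 prefix and the WAN address 203.0.113.10 are assumptions constructed for illustration.

```python
import ipaddress

def audit_vpn_management(vpn_local_net, interfaces, remote_mgmt, service):
    """Check whether `service` can be used through the tunnel to manage the device.

    vpn_local_net: the VPN rule's local network, e.g. "192.168.1.0/24"
    interfaces:    {port name: device IP address on that port}
    remote_mgmt:   {service: set of ports on which remote management allows it}
    Returns (ports manageable through the tunnel, list of findings).
    """
    net = ipaddress.ip_network(vpn_local_net, strict=False)
    allowed = remote_mgmt.get(service, set())
    reachable, findings = [], []
    for port, ip in interfaces.items():
        in_rule = ipaddress.ip_address(ip) in net
        if in_rule and port in allowed:
            reachable.append(port)          # both conditions hold
        elif in_rule:
            findings.append(f"{port}: in the VPN local network, but remote "
                            f"management does not allow {service} on it")
        elif port in allowed:
            # The service is answered on a port the VPN rule does not cover,
            # so it can be used without going through the tunnel.
            findings.append(f"{port}: {service} allowed on a port outside "
                            f"the VPN local network")
    if not reachable:
        findings.append(f"{service} management through the tunnel will not work")
    return reachable, findings

# Constructed sample data: LAN address from the example above, WAN address invented.
INTERFACES = {"LAN": "192.168.1.7", "WAN": "203.0.113.10"}
LAN_ONLY = {"HTTP": {"LAN"}}      # matches the example in this section
WAN_ONLY = {"HTTP": {"WAN"}}      # remote management enabled on the wrong port

if __name__ == "__main__":
    for name, mgmt in (("LAN only", LAN_ONLY), ("WAN only", WAN_ONLY)):
        ports, issues = audit_vpn_management("192.168.1.0/24", INTERFACES, mgmt, "HTTP")
        print(name, "->", ports or "no port", *issues, sep="\n  ")
```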
19.13  Hub-and-spoke VPN
Hub-and-spoke VPN connects VPN tunnels to form one secure network.
 shows some example network topologies. In the first (fully-meshed) 
approach, there is a VPN connection between every pair of routers. In the second 
(hub-and-spoke) approach, there is a VPN connection between each spoke router (B, C, D, and E) and 
the hub router (A). The hub router routes VPN traffic between the spoke routers and itself.
Table 110   Telecommuters Using Unique VPN Rules Example
TELECOMMUTERS                             | HEADQUARTERS
Telecommuter C (telecommuterc.dydns.org)  | Headquarters ZyWALL Rule 3:
Local ID Type: E-mail                     | Peer ID Type: E-mail
Local ID Content: myVPN@myplace.com       | Peer ID Content: myVPN@myplace.com
Local IP Address: 192.168.4.15            | Remote Gateway Address: telecommuterc.dydns.org
                                          | Remote Address 192.168.4.15