ZyXEL Communications 1000 User Manual

 Chapter 7 Tutorials
ZyWALL USG 1000 User’s Guide
7.5  How to Configure a Hub-and-spoke IPSec VPN Without a VPN Concentrator
A hub-and-spoke IPSec VPN connects IPSec VPN tunnels to form one secure 
network. This reduces the number of VPN connections that you have to set up and 
maintain in the network. Here is an example of a hub-and-spoke VPN that does 
not use the ZyWALL’s VPN concentrator feature. In this example, branch office A 
has a ZyNOS-based ZyWALL, and headquarters (HQ) and branch office B have USG 
ZyWALLs. 
• Branch office A’s ZyWALL uses one VPN rule to access both the headquarters 
(HQ) network and branch office B’s network. 
• Branch office B’s ZyWALL uses one VPN rule to access both the headquarters 
and branch office A’s networks. 
Figure 83   Hub-and-spoke VPN Example
This hub-and-spoke VPN example uses the following settings.
Branch Office A (ZyNOS-based ZyWALL):
Gateway Policy (Phase 1)
• My Address: 10.0.0.2
• Primary Remote Gateway: 10.0.0.1
Network Policy (Phase 2)
• Local Network: 192.168.167.0/255.255.255.0
• Remote Network: 192.168.168.0~192.168.169.255
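Because branch office A reaches both remote sites through a single network policy, its remote range must cover both networks without containing its own LAN. The following check is an added example, not part of the original guide or any ZyXEL tool. The function names are hypothetical, and splitting the range into 192.168.168.0/24 and 192.168.169.0/24 is an assumption.

```python
import ipaddress


def parse_selector(text):
    """Turn 'net/mask' or 'start~end' (the notation used above) into networks."""
    text = text.strip()
    if "~" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("~", 1))
        # Raises ValueError if the range is reversed.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects an address with host bits set, e.g. 192.168.167.1/24.
    return [ipaddress.IPv4Network(text, strict=True)]


def check_policy(local, remote, expected_remote):
    """Return (remote networks, findings) for one phase 2 network policy."""
    local_nets = parse_selector(local)
    remote_nets = parse_selector(remote)
    wanted = [ipaddress.IPv4Network(w) for w in expected_remote]
    findings = []
    # A remote selector that contains the local LAN would send local traffic into the tunnel.
    for l_net in local_nets:
        for r_net in remote_nets:
            if l_net.overlaps(r_net):
                findings.append(f"local {l_net} overlaps remote {r_net}")
    # Every network the spoke must reach has to fall inside the selector.
    for w in wanted:
        if not any(w.subnet_of(r_net) for r_net in remote_nets):
            findings.append(f"{w} is not covered by the remote selector")
    # Anything beyond the wanted networks is extra address space allowed into the tunnel.
    extra = sum(r.num_addresses for r in remote_nets) - sum(w.num_addresses for w in wanted)
    if extra > 0:
        findings.append(f"remote selector is {extra} addresses wider than needed")
    return remote_nets, findings


if __name__ == "__main__":
    # Branch office A values from the settings above; the two /24s are assumed.
    nets, problems = check_policy(
        "192.168.167.0/255.255.255.0",
        "192.168.168.0~192.168.169.255",
        ["192.168.168.0/24", "192.168.169.0/24"],
    )
    print([str(n) for n in nets], problems or "no findings")
```
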
Headquarters (ZyWALL USG):
VPN Gateway (VPN Tunnel 1):