ZyXEL Communications 1000 User Manual

Chapter 25 IPSec VPN
ZyWALL USG 1000 User’s Guide
• See  for IPSec VPN background information.
• See  for the IPSec VPN quick setup wizard.
• See  for an example of configuring IPSec VPN.
• See  for an example of how to configure a hub-and-spoke IPSec VPN without 
using a VPN concentrator.
25.1.3  Before You Begin
This section briefly explains the relationship between VPN tunnels and other 
features. It also gives some basic suggestions for troubleshooting.
You should set up the following features before you set up the VPN tunnel.
• In any VPN connection, you have to select address objects to specify the local 
policy and remote policy. You should set up the address objects first.
• In a VPN gateway, you can select an Ethernet interface, virtual Ethernet 
interface, VLAN interface, or virtual VLAN interface to specify what address the 
ZyWALL uses as its IP address when it establishes the IKE SA. You should set up 
the interface first. Se
.
• In a VPN gateway, you can enable extended authentication. If the ZyWALL is in 
server mode, you should set up the authentication method (AAA server) first. 
The authentication method specifies how the ZyWALL authenticates the remote 
IPSec router. See 
• In a VPN gateway, the ZyWALL and remote IPSec router can use certificates to 
authenticate each other. Make sure the ZyWALL and the remote IPSec router 
will trust each other’s certificates. See 
.
25.2  The VPN Connection Screen
Click Configuration > VPN > IPSec VPN to open the VPN Connection screen. 
The VPN Connection screen lists the VPN connection policies and their 
associated VPN gateway(s), and various settings. In addition, it also lets you 
activate / deactivate and connect / disconnect each VPN connection (each IPSec