ZyXEL Communications 1000 User Manual

Chapter 25 IPSec VPN
ZyWALL USG 1000 User’s Guide
• The local IP addresses configured in the VPN rules should not overlap.
• The concentrator must have at least one separate VPN rule for each spoke. In the local policy, specify the IP addresses of the networks with which the spoke is to be able to have a VPN tunnel. This may require you to use more than one VPN rule for each spoke.
• To have all Internet access from the spoke routers go through the VPN tunnel, set the VPN rules in the spoke routers to use 0.0.0.0 (any) as the remote IP address.
• Your firewall rules can still block VPN packets.
• On a USG ZyWALL, if the concentrator’s VPN tunnels are members of a single zone, make sure that zone is not set to block intra-zone traffic.
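The first three points can be checked offline before the rules are entered. The script below is an added example, not part of the ZyXEL guide. The inventory format, the device names and the reading of "should not overlap" as "the local networks of different spokes must be disjoint" are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory; the field names are assumptions for this
# example, not ZyWALL configuration syntax.
RULES = [
    {"device": "hub", "peer": "spoke_a", "local": "192.168.20.0/24", "remote": "192.168.10.0/24"},
    {"device": "hub", "peer": "spoke_a", "local": "192.168.1.0/24", "remote": "192.168.10.0/24"},
    {"device": "spoke_a", "peer": "hub", "local": "192.168.10.0/24", "remote": "0.0.0.0/0"},
    {"device": "spoke_b", "peer": "hub", "local": "192.168.20.0/24", "remote": "192.168.10.0/24"},
    {"device": "spoke_c", "peer": "hub", "local": "192.168.10.128/25", "remote": "192.168.1.0/24"},
]

def spoke_rules(rules, hub="hub"):
    """Rules configured on the spoke routers (everything except the hub)."""
    return [r for r in rules if r["device"] != hub]

def overlapping_locals(rules, hub="hub"):
    """Pairs of spokes whose local policy networks overlap."""
    hits = set()
    for a, b in combinations(spoke_rules(rules, hub), 2):
        if a["device"] == b["device"]:
            continue  # several rules on one spoke are compared elsewhere
        net_a = ipaddress.ip_network(a["local"])
        net_b = ipaddress.ip_network(b["local"])
        if net_a.overlaps(net_b):
            hits.add(tuple(sorted((a["device"], b["device"]))))
    return sorted(hits)

def spokes_without_hub_rule(rules, hub="hub"):
    """Spokes for which the concentrator has no VPN rule at all."""
    spokes = {r["device"] for r in spoke_rules(rules, hub)}
    covered = {r["peer"] for r in rules if r["device"] == hub}
    return sorted(spokes - covered)

def full_tunnel_spokes(rules, hub="hub"):
    """Spokes whose remote policy is 0.0.0.0 (any): all traffic enters the tunnel."""
    return sorted({r["device"] for r in spoke_rules(rules, hub)
                   if ipaddress.ip_network(r["remote"]).prefixlen == 0})

if __name__ == "__main__":
    print("overlapping spoke networks:", overlapping_locals(RULES))
    print("spokes missing a hub rule: ", spokes_without_hub_rule(RULES))
    print("full-tunnel spokes:        ", full_tunnel_spokes(RULES))
```

A spoke reported as full-tunnel sends its Internet traffic through the concentrator, so the concentrator's firewall rules and zone settings then apply to that traffic as well.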
25.4.2  VPN Concentrator Screen
The VPN Concentrator summary screen displays the VPN concentrators in the ZyWALL. To access this screen, click Configuration > VPN > IPSec VPN > Concentrator. The following screen appears.
Figure 335   Configuration > VPN > IPSec VPN > Concentrator
Each field is discussed in the following table. See 
 for 
more information.  
Table 122   Configuration > VPN > IPSec VPN > Concentrator
LABEL | DESCRIPTION
Add | Click this to create a new entry.
Edit | Select an entry and click this to be able to modify it.
Remove | Select an entry and click this to delete it.
# | This field is a sequential value, and it is not associated with a specific concentrator.
Name | This field displays the name of the VPN concentrator.
Group Members | These are the VPN connection policies that are part of the VPN concentrator.
25.4.3  The VPN Concentrator Add/Edit Screen
The VPN Concentrator Add/Edit screen allows you to create a new VPN concentrator or edit an existing one. To access this screen, go to the VPN