User's Manual

Chapter 7 Tutorials

ZyWALL USG 2000 User’s Guide

132

• My Address: 10.0.0.1

• Peer Gateway Address: 10.0.0.2

VPN Connection (VPN Tunnel 1):

• Local Policy: 192.168.168.0~192.168.169.255

• Remote Policy:192.168.167.0/255.255.255.0

• Disable Policy Enforcement

VPN Gateway (VPN Tunnel2):

• My Address: 10.0.0.1

• Peer Gateway Address: 10.0.0.3

VPN Connection (VPN Tunnel 2):

• Local Policy: 192.168.167.0~192.168.168.255

• Remote Policy: 192.168.169.0/255.255.255.0

• Disable Policy Enforcement

Branch Office B (ZyWALL USG):

VPN Gateway:

• My Address: 10.0.0.3

• Peer Gateway Address: 10.0.0.1

VPN Connection:

• Local Policy: 192.168.169.0/255.255.255.0

• Remote Policy: 192.168.167.0~192.168.168.255

• Disable Policy Enforcement

7.5.0.1 Hub-and-spoke VPN Requirements and Suggestions

Consider the following when implementing a hub-and-spoke VPN.

• This example uses a wide range for the ZyNOS-based ZyWALL’s remote

network, to use a narrower range, see Section 25.4.1 on page 465 for an

example of configuring a VPN concentrator.

• The local IP addresses configured in the VPN rules should not overlap.

• The hub router must have at least one separate VPN rule for each spoke. In the

local policy, specify the IP addresses of the hub-and-spoke networks with which

the spoke is to be able to have a VPN tunnel. This may require you to use more

than one VPN rule.