ZyXEL Communications 5 Series - Page 393

824 pages
Chapter 19 IPSec VPN
ZyWALL 5/35/70 Series User’s Guide
393
You can configure a remote network as 0.0.0.0 (any) when:
• Forwarding all outgoing traffic to the remote gateway.
• The remote network's addresses are unknown or there are many remote networks using
one VPN rule (see Section 19.11.1 on page 383 for an example of telecommuters sharing
one VPN rule).
Note: It is not recommended to set a VPN rule’s local and remote network settings
both to 0.0.0.0 (any).
In most cases you should use virtual address mapping (see Virtual Address Mapping on page
393) to avoid overlapping local and remote network IP addresses. See Section 19.10 on page
379 for how the ZyWALL handles overlapping local and remote network IP addresses.
Virtual Address Mapping
Virtual address mapping (NAT over IPSec) changes the source IP addresses of packets from
your local devices to virtual IP addresses before sending them through the VPN tunnel.
Avoiding Overlapping Local And Remote Network IP Addresses
If both IPSec routers support virtual address mapping, you can access devices on both
networks, even if their IP addresses overlap. You map the ZyWALL’s local network addresses
to virtual IP addresses and map the remote IPSec router's local IP addresses to other
(non-overlapping) virtual IP addresses.
The following diagram shows an example of using virtual address mapping to avoid
overlapping local and remote IP addresses. You can set up virtual address mapping on both
IPSec routers to allow computers on network X to access network X and network Y computers
with the same IP address.
• You set ZyWALL A to change the source IP addresses of packets from local network X
(192.168.1.2 to 192.168.1.4) to virtual IP addresses 10.0.0.2 to 10.0.0.4 before sending
them through the VPN tunnel.
• You set ZyWALL B to change the source IP addresses of packets from the remote
network Y (192.168.1.2 to 192.168.1.27) to virtual IP addresses 172.21.2.2 to 172.21.2.27
before sending them through the VPN tunnel.
• On ZyWALL A, you specify 172.21.2.2 to 172.21.2.27 as the remote network. On
ZyWALL B, you specify 10.0.0.2 to 10.0.0.4 as the remote network.
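
The address plan above can be checked offline before it is entered on either gateway. The following Python sketch is an added example, not part of the ZyXEL manual or ZyWALL firmware: the `Range`, `map_source` and `check_rule` names are hypothetical, and it assumes a one-to-one mapping that preserves each host's offset within the range and that 0.0.0.0 (any) is entered as both start and end address.

```python
import ipaddress

ANY = ipaddress.ip_address("0.0.0.0")

class Range:
    """Inclusive IPv4 range, as entered in a VPN rule's network fields."""
    def __init__(self, start, end):
        self.start = ipaddress.ip_address(start)
        self.end = ipaddress.ip_address(end)
        if self.end < self.start:
            raise ValueError("range end precedes start")

    def __len__(self):
        return int(self.end) - int(self.start) + 1

    def overlaps(self, other):
        return self.start <= other.end and other.start <= self.end

    def contains(self, addr):
        return self.start <= ipaddress.ip_address(addr) <= self.end

def map_source(addr, real, virtual):
    """Assumed one-to-one mapping: the host keeps its offset in the range."""
    if len(real) != len(virtual):
        raise ValueError("real and virtual ranges differ in size")
    if not real.contains(addr):
        raise ValueError(f"{addr} is outside the mapped local range")
    return virtual.start + (int(ipaddress.ip_address(addr)) - int(real.start))

def check_rule(local, remote):
    """Return findings for one VPN rule's local/remote network pair."""
    findings = []
    if local.start == ANY and remote.start == ANY:
        findings.append("local and remote both 0.0.0.0 (any)")
    elif local.overlaps(remote):
        findings.append("local and remote networks overlap")
    return findings

# Address ranges taken from the example in the text above.
X_REAL, X_VIRT = Range("192.168.1.2", "192.168.1.4"), Range("10.0.0.2", "10.0.0.4")
Y_REAL, Y_VIRT = Range("192.168.1.2", "192.168.1.27"), Range("172.21.2.2", "172.21.2.27")

if __name__ == "__main__":
    print("without mapping:", check_rule(X_REAL, Y_REAL))
    print("with mapping:   ", check_rule(X_VIRT, Y_VIRT))
    # ZyWALL A's real LAN must also stay clear of the peer's virtual range.
    print("A LAN vs Y virtual overlap:", X_REAL.overlaps(Y_VIRT))
    print("192.168.1.3 leaves A as", map_source("192.168.1.3", X_REAL, X_VIRT))
```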