Chapter 4 Create Secure Connections Across the Internet
ZyWALL USG100-PLUS User’s Guide
68
• Primary Remote Gateway: 10.0.0.1
Network Policy (Phase 2): Local Network: 192.168.167.0/255.255.255.0; Remote Network:
192.168.168.0~192.168.169.255
Headquarters (ZLD-based ZyWALL):
VPN Gateway (VPN Tunnel 1):
• My Address: 10.0.0.1
• Peer Gateway Address: 10.0.0.2
VPN Connection (VPN Tunnel 1):
• Local Policy: 192.168.168.0~192.168.169.255
• Remote Policy: 192.168.167.0/255.255.255.0
• Disable Policy Enforcement
VPN Gateway (VPN Tunnel 2):
• My Address: 10.0.0.1
• Peer Gateway Address: 10.0.0.3
VPN Connection (VPN Tunnel 2):
• Local Policy: 192.168.167.0~192.168.168.255
• Remote Policy: 192.168.169.0/255.255.255.0
• Disable Policy Enforcement
Branch Office B (ZLD-based ZyWALL):
VPN Gateway:
• My Address: 10.0.0.3
• Peer Gateway Address: 10.0.0.1
VPN Connection:
• Local Policy: 192.168.169.0/255.255.255.0
• Remote Policy: 192.168.167.0~192.168.168.255
• Disable Policy Enforcement
4.3.1 What Can Go Wrong
Consider the following when implementing a hub-and-spoke VPN.
• This example uses a wide range for the ZyNOS-based ZyWALL’s remote network, to use a
narrower range, see Section 4.3 on page 67 for an example of configuring a VPN concentrator.
• The local IP addresses configured in the VPN rules should not overlap.
To Next Page
Loading...
