Enable the VPN connection and name it ("VPN_CONN_EXAMPLE"). Under VPN
4
Gateway select Site-to-site and the VPN gateway (VPN_GW_EXAMPLE).
Under Policy, select LAN1_SUBNET for the local network and
VPN_REMOTE_SUBNET for the remote. Click OK.
Figure 69 Configuration > VPN > IPSec VPN > VPN Connection > Add
Now set up the VPN settings on the peer IPSec router and try to establish the VPN
5
tunnel. To trigger the VPN, either try to connect to a device on the peer IPSec
router's LAN or click Configuration > VPN > IPSec VPN > VPN Connection
and use the VPN connection screen's Connect icon.
7.4.3 Configure Security Policies for the VPN Tunnel
You configure security policies based on zones. The new VPN connection was
assigned to the IPSec_VPN zone. By default, there are no security restrictions on
the IPSec_VPN zone, so, next, you should set up security policies (firewall rules
and so on) that apply to the IPSec_VPN zone. Make sure all firewalls between the
ZyWALL and remote IPSec router allow UDP port 500 (IKE) and IP protocol 50
(AH) or 51 (ESP). If you enable NAT traversal, all firewalls between the ZyWALL
and remote IPSec router should also allow UDP port 4500.
ZyWALL USG 20/20W User's Guide
Chapter 7 Tutorials
119