Large-Scale Vpn Deployment; Fully Meshed Topology - ZyXEL Communications ZYWALL USG 2000 Support Notes

1.4 Large-scale VPN Deployment

With the business growing, network administrator will face the more and more complicated
VPN topology and applications. ZyWALL USG2000 supports various types of VPN topology
that can meet the needs of the organizations of any size.
ZyWALL USG2000 VPN Topology supports fully meshed topology that can be deployed
when the total number of remote site is small. Star topology is recommended when the total
number of remote sites is high, Even more flexible design, Star and Mesh mixed topology
(cascading topology) can be applied for a global distributed environment.

1.4.1 Fully Meshed Topology

All models in ZyWALL series
can support Fully-meshed VPN
topology, including: ZyWALL 2
Plus/5/35/70/1050/USG2000
Madrid
1) In order to achieve the VPN connectivity of all sites in the fully meshed VPN topology, all
the sites must be directly connected with VPN tunnels to all the remote sites. The network
administrator has to pay huge establishment and maintenance effort with the new remote
site joining. This VPN topology is suitable for only a few sites connected with VPN.
2) For example, to complete the above topology, administrator needs to repeat the same steps
at least five times and totally needs to establish 10 VPN tunnels. The tunnels list follows:
Tunnel 1: London
All contents copyright (c) 2008 ZyXEL Communications Corporation.
London
Paris
VPN Madrid
ZyWALL USG 2000 Support Notes
In a fully-meshed VPN topology, an
user can access to resources within
remote VPN sites provided that a
VPN tunnel was already established
Oslo
In this topology, each site
plays the same role – handles
incoming encrypted traffic or
encrypts outgoing traffic
Hannover
designated to a remote site
73