Mapping Multiple Network Policy To Same Gateway Policy - ZyXEL Communications ZyWall 35 Support Notes

Zyxel zywall 35: user guide

encapsulated in UDP packet to avoid traversal problem on NAT routers.
4) Under VPN->Gateway Policy->Gateway Policy Information, configure the private IP address as
"My Address" on the local ZyWALL gateway (behind the NAT router).
5) On the peer VPN gateway, use the public WAN IP address of the NAT router as the "Remote Gateway
Address" of the Gateway Policy rule.
The ID must be consistent whether IP, DNS or E-mail is used: the ID Type and content must be
consistent on both VPN entities.

Mapping multiple Network policy to same gateway policy

This section describes an example configuration that maps multiple (different) network policies to the
same gateway policy, which is built between two VPN gateways. Different network policies allow users in
one network to access multiple destination networks that are not in a contiguous range. The other use
of this application is to limit some users to a specific destination and prevent others from
accessing the same network.
In the following example, the owner of PC1 belongs to the financial department and needs to connect to
the financial department (Dept.1) for a business-sensitive application. PC2 belongs to another group
(Dept.2) and needs to access Dept.2.
[Figure: PC1, PC2, Dept. 1 and Dept. 2 connected through VPN gateways GW1 and GW2 across the Internet.
One IKE tunnel carries IPSec Tunnel 1 (Traffic PC1 <-> Dept1) and IPSec Tunnel 2 (Traffic PC2 <-> Dept2).]
The configuration goal is to achieve the following two:
VPN tunnel 1
VPN tunnel 2
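The access separation described in this section, sketched as an added Python example (not ZyXEL code or ZyWALL configuration syntax): one gateway policy shared by two network policies, with a check that their selectors do not overlap. All addresses, field names and function names are assumptions made for the illustration, as is placing PC1 and PC2 on the local side.

```python
# Added illustration: models IPSec selector matching; not ZyWALL code.
# Every address below is constructed for the example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import combinations

@dataclass(frozen=True)
class GatewayPolicy:
    """IKE peering between the two VPN gateways (hypothetical fields)."""
    name: str
    my_address: str
    remote_gateway: str

@dataclass(frozen=True)
class NetworkPolicy:
    """IPSec rule: which local hosts may reach which remote network."""
    name: str
    gateway: GatewayPolicy
    local: str   # local selector (host or subnet)
    remote: str  # remote selector (destination network)

    def matches(self, src, dst):
        return (ip_address(src) in ip_network(self.local)
                and ip_address(dst) in ip_network(self.remote))

GW = GatewayPolicy("GW1-GW2", "203.0.113.1", "198.51.100.1")
PC1, PC2 = "192.168.1.33", "192.168.1.34"
POLICIES = [
    # Dept1 and Dept2 are deliberately not one contiguous range.
    NetworkPolicy("VPN tunnel 1", GW, PC1 + "/32", "10.1.0.0/24"),  # PC1 <-> Dept1
    NetworkPolicy("VPN tunnel 2", GW, PC2 + "/32", "10.3.0.0/24"),  # PC2 <-> Dept2
]

def select_tunnel(src, dst, policies=POLICIES):
    """Name of the network policy that carries src -> dst, or None when
    no selector matches and no tunnel carries the packet."""
    return next((p.name for p in policies if p.matches(src, dst)), None)

def overlapping_policies(policies):
    """Pairs whose local and remote selectors both overlap; such a pair
    makes the per-department separation ambiguous."""
    return [(a.name, b.name) for a, b in combinations(policies, 2)
            if ip_network(a.local).overlaps(ip_network(b.local))
            and ip_network(a.remote).overlaps(ip_network(b.remote))]

if __name__ == "__main__":
    for src, dst in [(PC1, "10.1.0.20"), (PC2, "10.3.0.20"), (PC1, "10.3.0.20")]:
        print(f"{src} -> {dst}: {select_tunnel(src, dst)}")
    print("overlaps:", overlapping_policies(POLICIES))
```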
All contents copyright (c) 2006 ZyXEL Communications Corporation.
