Chapter 25 IPSec VPN
• The local IP addresses configured in the VPN rules should not overlap.
• The concentrator must have at least one separate VPN rule for each spoke. In
the local policy, specify the IP addresses of the networks that the spoke
should be able to reach through a VPN tunnel. This may require you to use more
than one VPN rule for each spoke.
• To have all Internet access from the spoke routers go through the VPN tunnel,
set the VPN rules in the spoke routers to use 0.0.0.0 (any) as the remote IP
address.
• Your firewall rules can still block VPN packets.
• If on a USG ZyWALL or ZyWALL 1050 the concentrator's VPN tunnels are
members of a single zone, make sure it is not set to block intra-zone traffic.
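The first two planning rules above can be checked on paper before any VPN rule is entered in the ZyWALL. The following Python check is an added example, not part of this guide; the spoke names, addresses and data layout are constructed, and it assumes the non-overlap rule is applied to the local network of each spoke router.

```python
import ipaddress
from itertools import combinations

# Constructed plan; every name and address here is hypothetical.
# Spoke name -> local network configured in that spoke router's VPN rule.
SPOKE_LOCAL = {
    "branch_a": "192.168.10.0/24",
    "branch_b": "192.168.20.0/24",
    "branch_c": "192.168.20.128/25",  # deliberately overlaps branch_b
    "branch_d": "192.168.40.0/24",    # deliberately has no concentrator rule
}
# Concentrator VPN rules: (rule name, spoke served, local policy networks).
HUB_RULES = [
    ("to_a", "branch_a", ["192.168.20.0/24", "10.0.0.0/24"]),
    ("to_b", "branch_b", ["192.168.10.0/24", "10.0.0.0/24"]),
    ("to_c", "branch_c", ["10.0.0.0/24"]),
]

def overlapping_spokes(spoke_local):
    """Return pairs of spokes whose local networks overlap."""
    nets = {n: ipaddress.ip_network(c) for n, c in spoke_local.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))

def spokes_without_rule(spoke_local, hub_rules):
    """Return spokes for which the concentrator has no VPN rule."""
    served = {spoke for _, spoke, _ in hub_rules}
    return sorted(set(spoke_local) - served)

def reachable_from(spoke, spoke_local, hub_rules):
    """Return the other spokes whose local network is covered by the local
    policy of the concentrator rules that serve `spoke`."""
    allowed = [ipaddress.ip_network(c)
               for _, served, policy in hub_rules if served == spoke
               for c in policy]
    result = []
    for other, cidr in spoke_local.items():
        net = ipaddress.ip_network(cidr)
        if other != spoke and any(net.subnet_of(a) for a in allowed):
            result.append(other)
    return sorted(result)

if __name__ == "__main__":
    print("overlapping local networks:", overlapping_spokes(SPOKE_LOCAL))
    print("spokes with no concentrator rule:",
          spokes_without_rule(SPOKE_LOCAL, HUB_RULES))
    for name in sorted(SPOKE_LOCAL):
        print(name, "can reach", reachable_from(name, SPOKE_LOCAL, HUB_RULES))
```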
25.4.2 VPN Concentrator Screen
The VPN Concentrator summary screen displays the VPN concentrators in the
ZyWALL. To access this screen, click Configuration > VPN > IPSec VPN >
Concentrator. The following screen appears.
Figure 361 Configuration > VPN > IPSec VPN > Concentrator
Each field is discussed in the following table. See Section 25.4.3 on page 500
for more information.
Table 132 Configuration > VPN > IPSec VPN > Concentrator
LABEL           DESCRIPTION
Add             Click this to create a new entry.
Edit            Select an entry and click this to be able to modify it.
Remove          Select an entry and click this to delete it.
#               This field is a sequential value, and it is not associated with a specific concentrator.
Name            This field displays the name of the VPN concentrator.
Group Members   These are the VPN connection policies that are part of the VPN concentrator.
25.4.3 The VPN Concentrator Add/Edit Screen
The VPN Concentrator Add/Edit screen allows you to create a new VPN
concentrator or edit an existing one. To access this screen, go to the VPN
ZyWALL USG 300 User's Guide