Configure Security Policies For The Vpn Tunnel - ZyXEL Communications ZyWall USG 2000 User Manual

Unified security gateway

Chapter 7 Tutorials
4 Enable the VPN connection and name it ("VPN_CONN_EXAMPLE"). Under VPN
Gateway select Site-to-site and the VPN gateway (VPN_GW_EXAMPLE).
Under Policy, select LAN_SUBNET for the local network and
VPN_REMOTE_SUBNET for the remote. Click OK.
Figure 83 Configuration > VPN > IPSec VPN > VPN Connection > Add
5 Now set up the VPN settings on the peer IPSec router and try to establish the VPN
tunnel. To trigger the VPN, either try to connect to a device on the peer IPSec
router's LAN or click Configuration > VPN > IPSec VPN > VPN Connection
and use the VPN connection screen's Connect icon.

7.4.3 Configure Security Policies for the VPN Tunnel

You configure security policies based on zones. Assign the new VPN connection to
a zone to be able to apply security policies (firewall rules, IDP, and so on) to the
VPN connection. Make sure all firewalls between the ZyWALL and remote IPSec
router allow UDP port 500 (IKE) and IP protocol 50 (AH) or 51 (ESP). If you enable
NAT traversal, all firewalls between the ZyWALL and remote IPSec router should
also allow UDP port 4500.
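
One way to check an in-path firewall's rule list against the requirements above, as an added example that is not taken from the ZyXEL manual. The rule format, first-match evaluation, implicit default deny and the sample rules are assumptions constructed for illustration; source and destination addresses are not modelled.

```python
# Added example (not ZyXEL code): audit an in-path firewall's rules for the
# flows this section says an IPSec tunnel needs. The rule format, first-match
# evaluation and implicit default deny are assumptions for illustration.

def required_flows(nat_traversal, use_ah=False):
    """Flows that must pass between the ZyWALL and the remote IPSec router."""
    flows = [("udp", 500, "IKE")]
    flows.append(("ah", None, "AH") if use_ah else ("esp", None, "ESP"))
    if nat_traversal:
        flows.append(("udp", 4500, "NAT traversal"))
    return flows

def verdict(rules, proto, port):
    """Return the action of the first rule matching proto/port, else 'deny'."""
    for rule in rules:
        if rule["proto"] not in ("any", proto):
            continue
        ports = rule.get("ports")  # None: rule is not restricted to a port range
        if ports is not None and (port is None or not ports[0] <= port <= ports[1]):
            continue
        return rule["action"]
    return "deny"

def blocked_flows(rules, nat_traversal, use_ah=False):
    """Names of required flows that the rule list would not allow."""
    return [name for proto, port, name in required_flows(nat_traversal, use_ah)
            if verdict(rules, proto, port) != "allow"]

# Constructed sample: IKE and ESP are admitted, but the only other UDP range
# allowed is 1024-4000, so NAT traversal on 4500 falls through to default deny.
SAMPLE_RULES = [
    {"proto": "udp", "ports": (500, 500), "action": "allow"},
    {"proto": "esp", "action": "allow"},
    {"proto": "udp", "ports": (1024, 4000), "action": "allow"},
    {"proto": "tcp", "ports": (443, 443), "action": "allow"},
]

if __name__ == "__main__":
    for nat_t in (False, True):
        missing = blocked_flows(SAMPLE_RULES, nat_traversal=nat_t)
        print(f"NAT traversal={nat_t}: blocked -> {missing or 'none'}")
```

With the sample rules the tunnel's required flows pass until NAT traversal is enabled, at which point UDP port 4500 is reported as blocked.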
ZyWALL USG 2000 User's Guide