ZyXEL Communications ZyWALL 5 Support Notes page 105

ZyWALL 5 Support Notes
As the figure shown below, each branch office have a VPN tunnel to headquarter, thus PCs in branch offices
can access systems in headquarter via the tunnel. Through VPN routing, ZyWALL series now provide you a
solution to let PCs in branch offices talk to each other through the existing VPN tunnels concentrated on the
headquarter.
The IP addresses we use in this example are as shown below.
Branch_A Headquarter Branch_B
WAN:202.3.1.1 WAN:202.1.1.1 WAN:202.2.1.1
LAN:192.168.3.1 LAN:192.168.1.1 LAN:192.168.2.1
LAN of Branch_A LAN of Headquarter LAN of Branch_B
192.168.3.0/24 192.168.1.0/24 192.168.2.0/24
1. Setup VPN in branch office A
Because VPN routing enables branch offices to talk to each other via tunnels concentrated on headquarter. In
this step, we configure an IPSec rule in ZyWALL (Branch_A) for PCs behind branch office A to access both
LAN segments of headquarter and branch office B. Because the LAN segments of headquarter and branch
office B are continuous, we merge them into one single rule by including these two segments in Remote section.
If by any chance, the two segments are not continuous, we strongly recommend you to setup different rules for
these segments.
1. Go to SECURITY->VPN->Press Add button
105
All contents copyright (c) 2006 ZyXEL Communications Corporation.