How To Use Dual-Wan To Perform Fail-Over On Vpn Using The Vpn Concentrator; Set Up The Ipsec Vpn Tunnel On The Zywall/Usg; Hub_Hq-To-Branch_A - ZyXEL Communications ZyWALL 110 Handbook
Zywall/usg series security firewalls
Hide thumbs
Also See for ZyWALL 110:
- User manual (1090 pages) ,
- Handbook (749 pages) ,
- Handbook & instructions (255 pages)
Table of Contents
Advertisement
4.9 How to Use Dual-WAN to Perform Fail-Over on VPN
Using the VPN Concentrator
This is an example of using Dual-WAN to perform fail-over on a hub-and-spoke VPN with the HQ
ZyWALL/USG as the hub and spoke VPNs to Branches A and B. When the VPN tunnel is configured,
traffic passes between branches via the hub (HQ). Traffic can also pass between spoke-and-spoke
through the hub. If the primary WAN interface is unavailable, the backup WAN interface will be
used. When the primary WAN interface is available again, traffic will use that interface again.
Figure 436 Hub & Spoken VPN Using the VPN Concentrator with Backup WAN
Note: All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses and subnet masks. This
example was tested using USG310 (Firmware Version: ZLD 4.13).
4.9.1 Set Up the IPSec VPN Tunnel on the ZyWALL/USG
4.9.2 Hub_HQ-to-Branch_A
Go to CONFIGURATION > VPN > IPSec VPN > VPN Gateway, select Enable. Type the VPN
1
Gateway Name used to identify this VPN gateway.
Then, configure the Primary Gateway IP as the Branch A's wan1 IP address (in the example,
172.16.20.1) and Secondary Gateway IP as the Branch A's wan2 IP address (in the example,
172.100.120.1). Select Fall back to Primary Peer Gateway when possible and set desired Fall
Back Check Interval time.
Type a secure Pre-Shared Key (8-32 characters) which must match your Branch A's Pre-Shared
Key and click OK.
Chapter 4 Create Site-to-Site VPN Tunnels
ZyWALL/USG Series User's Guide
187
Advertisement
Table of Contents
