ZyXEL Communications VPN2S Handbook

VPN2S
Firmware V1.12(ABLN.0)b9
Edition 1, 5/2018
Handbook
Default Login Details
LAN Port IP Address: https://192.168.1.1
User Name: admin
Password: 1234
Copyright © 2018 ZyXEL Communications Corporation
www.zyxel.com

Summary of Contents for ZyXEL Communications VPN2S

  • Page 2: Table Of Contents

    Table of Contents: How to Setup VPN2S connect with Android Mobile via L2TP tunnel (page 4); Set Up the PPPoE Connection On VPN2S Series (page 5); Set Up the L2TP VPN Tunnel on VPN2S (page 6); Configure the L2TP VPN Tunnel on Android Mobile (Version 5.0.2) (page 8); Test the L2TP over IPSec VPN Tunnel ...
  • Page 3 Set Up the VPN2S Address Mapping (Many-to-Many) (page 50); Set Up the VPN2S Address Mapping (Many-to-one) (page 51); How to setup policy route to force VPN2S clients following rules (page 52); Set Up the policy route to force VPN2S clients following rules (page 53); How to Configure Content Filter by Category ...
  • Page 4: How to Setup VPN2S connect with Android Mobile via L2TP tunnel

    This is an example of using the L2TP VPN and VPN client software included in Android mobile phone operating systems. When the VPN tunnel is configured, users can securely access the network and allow traffic from L2TP clients to go to the Internet from an Android mobile phone.
  • Page 5: Set Up the PPPoE Connection On VPN2S Series

    Go to Configuration > WAN / Internet > WAN Setup > WAN1 > Edit, change the Encapsulation from the default IPoE to PPPoE, and fill in the username/password under PPP information.
  • Page 6: Set Up the L2TP VPN Tunnel on VPN2S

    Go to Configuration > VPN > IPsec VPN > Default_L2TP_VPN_GW and Default_L2TP_VPN_Connection > Edit, enable both rules, and fill in the pre-shared key on Default_L2TP_VPN_GW. Figure: Configuration > VPN > IPsec VPN > Default_L2TP_VPN_GW
  • Page 7 Figure: Configuration > VPN > IPsec VPN > Default_L2TP_VPN_Connection
  • Page 8: Configure the L2TP VPN Tunnel on Android Mobile (Version 5.0.2)

    Move to L2TP VPN, enable this feature, and select Server type. In IP Address Pool, fill in the IP address which will be assigned to the L2TP client. Figure: Configuration > VPN > L2TP VPN. Configure the L2TP VPN Tunnel on Android Mobile (Version 5.0.2): Go to Setting>...
  • Page 9: Test the L2TP over IPSec VPN Tunnel

    Type the username and password, and click CONNECT. The L2TP VPN session is connected.
  • Page 10: What Could Go Wrong?

    Make sure the Pre-shared key on the VPN2S and on the Mobile are the same.
  • Page 11: How To Configure Site To Site VPN

    Please replace them with your actual network IP addresses and subnet masks. This example was tested using VPN2S. This scenario uses two units of VPN2S to create an IPSec VPN connection. Moreover, both USGs get their public IPs via PPPoE.
  • Page 12: Configuration the LAN IP on HQ Site

    Go to Configuration > LAN / Home Network > VLAN / Interface Group > Create the LAN Subnet: 192.168.2.X/24. First go to VLAN to separate the LAN2, and then change the subnet to 192.168.2.X/24.
  • Page 13 Go to Configuration > LAN Setup > Edit
  • Page 14: Setup the VPN configuration on HQ Site

    Go to Configuration > VPN > IPSec VPN > Add the profile on Gateway configuration and Connection configuration. For the VPN gateway, please enter the VPN gateway name, select the Interface (for public IP), enter the peer’s domain in the Primary field, and enter the Pre-Shared Key.
  • Page 15 For the VPN connection (Phase 2): 1. Enter the Connection Name, select Site-to-site as the Application Scenario, and select the name of the phase 1 profile (Branch) in the VPN Gateway field. 2. For Local policy, choose the subnet that your PC is connected to.
  • Page 16: Configuration the LAN IP on Branch Site

    Go to Configuration > LAN / Home Network > VLAN / Interface Group > Create the LAN Subnet: 192.168.3.X/24. First go to VLAN to separate the LAN2, and then change the subnet to 192.168.3.X/24.
  • Page 17 Go to Configuration > LAN Setup > Edit
  • Page 18: Setup the VPN configuration on Branch Site

    Go to Configuration > VPN > IPSec VPN > Add the profile on Gateway configuration and Connection configuration. For the VPN gateway, please enter the VPN gateway name, select the Interface (for public IP), enter the peer’s domain in the Primary field, and enter the Pre-Shared Key.
  • Page 19 For the VPN connection (Phase 2): 3. Enter the Connection Name, select Site-to-site as the Application Scenario, and select the name of the phase 1 profile (Branch) in the VPN Gateway field. 4. For Local policy, choose the subnet that your PC is connected to.
  • Page 20: Test IPSec VPN on VPN2S Series

    Click the connect button, and the icon will change from gray to light.
  • Page 21: How To Configure VPN With PC - Server Role

    Please replace them with your actual network IP addresses and subnet masks. Set Up the IPSec VPN Tunnel on the VPN2S: In the VPN2S, go to Wizard > Welcome to IPsec VPN Setup, and use the VPN Settings for Configuration Provisioning wizard to create a VPN rule that can be used with the ZyWALL IPSec VPN Client.
  • Page 22 Choose Express to create a VPN rule with the default phase 1 and phase 2 settings and use a pre-shared key as the authentication method. Click Next. Figure: Wizard > Welcome to IPsec VPN Setup. Select the Scenario which will be deployed (Remote Access, Server Role), and click Next. Wizard >...
  • Page 23 The configured result will be displayed. Click Save, and then go to Configuration > VPN > IPsec VPN; the Server role has already been created on VPN. Figure: Configuration > VPN > IPsec VPN
  • Page 24: Setup the Zywall IPsec VPN client

    Since IKE Version 2 is being used, the New VPN Gateway needs to be added under IKEv2 on the IPSec VPN Client. Figure: IPSec VPN Client. Fill in the Remote Gateway IP address and pre-shared key, and then move to IKE Advance.
  • Page 25 On the IKE Advance page, select IPV4 Address and fill in 0.0.0.0 for the Local and Remote ID. After that, create the New VPN Connection.
  • Page 26 On the IKEv2 Tunnel, please fill in the VPN Client address and Remote LAN address.
  • Page 27: Test VPN2S as Server Role

    Click Open Tunnel. The tunnel is established.
  • Page 28 The result is displayed on VPN on VPN2S.
  • Page 29: How to setup scheduled rule via firewall on VPN2S

    This example illustrates how the VPN2S User Access Control allows an IT manager to arrange an Internet access schedule to limit the Internet access time of specific or all LAN PCs. Figure: User Access Control...
  • Page 30: Setup the schedule rule on the VPN2S

    Go to System > Scheduler Rule > Add. Fill in the name of the schedule rule and tick Mon to Fri in the Days field. In the Time of Day Range, enter 7:00 to 18:00. Click OK.
  • Page 31 Move to Firewall/Security > Firewall Rules > Add and create the Firewall Rule which is related to the Schedule rule. Check Enable, fill in the name of the rule, and check Any to limit all devices in the schedule. Choose REJECT as your policy. Select Internet Access, which was created on the schedule rule.
  • Page 32: Test scheduled rule via firewall on VPN2S

    How to Configure Interface Group Bridge / Bundle WAN Interface (Triple play): This example shows how to use the Interface Group. There are Internet and VoIP connections. The Interface Group VoIP should be bridged to the WAN interface VoIP.
  • Page 33: Set Up the Interface Group Bridge / Bundle WAN Interface Group on the VPN2S

    Sign in to the VPN2S. Go to LAN / Home Network > VLAN / Interface Group. Click Configuration > WAN / Internet > WAN Setup > Add to open the following screen.
  • Page 34 Click Configuration > LAN / Home Network > VLAN / Interface Group > Add to open the following screen. Click Configuration > LAN / Home Network > VLAN / Interface Group > Add > VLAN Group(s) Add to open the following screen.
  • Page 35 Click Configuration > LAN / Home Network > VLAN / Interface Group > Add > Interface Used In This Group Add to open the following screen. Click Configuration > LAN / Home Network > VLAN / Interface Group > Add to open the following screen.
  • Page 36: How to configure Multi-WAN

    This example shows how to use the Multi-WAN; there are WAN1, VoIP, Mobile...
  • Page 37: Set Up the Multi-WAN on the VPN2S

    Figure: Multi-WAN. Set Up the Multi-WAN on the VPN2S: Sign in to the VPN2S. Go to Configuration > WAN / Internet > Multi-WAN. Click Configuration > WAN / Internet > Multi-WAN > Edit to open the following screen. Check the Multi-WAN status. VoIP connection: Click Dashboard to open the following screen.
  • Page 38: How to Configure NAT Port Forwarding

    WAN1 connection: Click Dashboard to open the following screen. Mobile 3G connection: Click Dashboard to open the following screen. How to Configure NAT Port Forwarding: This example shows how to use Port Forwarding to access a local server. The example instructs how to configure the Port Forwarding. When the Port...
  • Page 39: Set Up the Port Forwarding on the VPN2S

    The TCP port is reserved for TR069 connection request port. Set Up the Port Forwarding on the VPN2S: Sign in to the VPN2S. Go to NAT > Port Forwarding. Click Configuration > NAT > Port Forwarding > Add to open the following screen.
  • Page 40: Test the Port Forwarding

    Click Configuration > NAT > Port Forwarding to open the following screen. Test the Port Forwarding: Connecting to http://10.214.30.45:55000 will access Server B at 192.168.1.43:80.
  • Page 42: How to Configure NAT Port Triggering

    This example shows how to create a Port Triggering on the VPN2S. The example instructs how to configure the Port Triggering. When Port Triggering is opened, File Server will forward to the open port.
  • Page 43: Set Up the Port Triggering on the VPN2S

    In the VPN2S, go to NAT > Port Triggering. Click Configuration > NAT > Port Triggering > Add to open the following screen.
  • Page 44: How to Enable NAT ALG

    This example shows how to create ALG on the VPN2S. The example instructs how to configure the NAT ALG. When the NAT ALG is configured, it will solve a major problem for peer-to-peer communication in NAT...
  • Page 45: How to Configure NAT Default Server

    This example shows how to create a Default Server on the VPN2S. The example instructs how to configure the Default Server. When the Default Server is configured, each Internet PC can access the Web Server.
  • Page 46: Set Up the Default Server on the VPN2S

    In the VPN2S, go to NAT > Default Server. Click Configuration > NAT > Default Server > Add to open the following screen. Click Configuration > NAT > Default Server to open the following screen.
  • Page 47: Test the Default Server

    Connecting to http://10.214.30.45 will access Server B at 192.168.1.43.
  • Page 48: How to Configure NAT Address Mapping

    This example shows how to create NAT Address Mapping. You want LAN users to browse the Internet, but you don’t have enough Public IPs. So we can use Address Mapping to translate Private IP to Public IP. When the Address Mapping is configured, each user can browse the Internet.
  • Page 49: Set Up the VPN2S Address Mapping (One-to-One)

    In the VPN2S, go to WAN / Internet > WAN Setup. Click Configuration > WAN / Internet > WAN Setup > choose WAN1 > Edit to open the following screen. In the VPN2S, go to NAT >...
  • Page 50: Set Up the VPN2S Address Mapping (Many-to-Many)

    In the VPN2S, go to WAN / Internet > WAN Setup. Click Configuration > WAN / Internet > WAN Setup > choose WAN1 > Edit to open the following screen. In the VPN2S, go to NAT >...
  • Page 51: Set Up the VPN2S Address Mapping (Many-to-one)

    In the VPN2S, go to WAN / Internet > WAN Setup. Click Configuration > WAN / Internet > WAN Setup > choose WAN1 > Edit to open the following screen. In the VPN2S, go to NAT >...
  • Page 52: How to setup policy route to force VPN2S clients following rules

    This example shows how to create a Policy Route. You want LAN users to browse the Internet using different interfaces; however, you don’t want to use a static route. Therefore we can use Policy Route to achieve this purpose.
  • Page 53: Set Up the policy route to force VPN2S clients following rules

    In the VPN2S, go to WAN / Internet > WAN Setup. Click Configuration > Routing > Policy Route to open the following screen. Click Configuration > Routing > Policy Route > Add to open the following screen.
  • Page 55: How to Configure Content Filter by Category

    This example shows how to block websites by Content Filter on the VPN2S. The example instructs how to configure Content Filter. When the Content Filter is configured, each PC cannot access media websites.
  • Page 56 To Test Against Content Filter Category Server: Click Configuration > Security Service > Content Filter > Profile Management > Add > Test Against Content Filter Category Server to open the following screen. Youtube is Recreation/Entertainment and Streaming Media & Downloads. Select “Block”...
  • Page 57: Test the Content Filter

    Click Configuration > Security Service > Content Filter > Profile Management > Add > Managed Categories to open the following screen. Check “Entertainment” and “Streaming Media & Downloads” in Recreation. Test the Content Filter: Connect to https://www.youtube.com
  • Page 58: How To Configure Bypass Website By Content Filter White List

    This example shows how to bypass websites by Content Filter white list on the VPN2S. The example instructs how to configure Content Filter white list. When the Content Filter white list is configured, each PC cannot access media websites except the white-listed websites.
  • Page 59 Click Configuration > Security Service > Content Filter > Profile Management > Add to open the following screen. Select “Block” in Recreation.
  • Page 60: Set Up The Content Filter White List

    This example shows how to bypass websites by Content Filter black list on the VPN2S. The example instructs how to configure Content Filter black list. When the Content Filter black list is configured, each PC cannot access those websites.
  • Page 61: Set up the Content Filter by black list

    In the VPN2S, go to Security Service > Content Filter. Click Configuration > Security Service > Content Filter to open the following screen. Then check “Enable Content Filter” and “Enable HTTPS Domain Filter for HTTPs traffic”...
  • Page 62: Set up the Content Filter black list

    Select “Allow” in all Category. Set up the Content Filter black list: To add Yahoo to black list. Test block website by Content Filter black list: Connect to https://tw.yahoo.com