ZyXEL Communications ZYWALL 1050 Support Notes page 134

[0] crypto map IPsec1
[1] ipsec-isakmp IKE1
[2] encapsulation tunnel
[3] transform-set esp-des-sha
[4] set security-association lifetime seconds 86400
[5] set pfs none
[6] no policy-enforcement
[7] local-policy Local_192_168_1
[8] remote-policy Remote_ANY
[9] no nail-up
[10] no replay-detection
[11] no netbios-broadcast
[12] no out-snat activate
[13] in-snat activate
[14] in-snat source Remote_192_168_3 destination Local_192_168_1
snat Local_192_168_30
[15] no in-dnat activate
(3) Add a policy route
1. Go to GUI menu Configuration > Policy > Route > Policy Route tab
2. By default, there is one policy route already to indicate all packets which is sent from
LAN to any network will be passed through WAN_TRUNK. This is also to direct IKE
packet to WAN and trigger the VPN tunnel then.
3. Click the '+' icon to add another new policy route which will be used to route traffic from
ZyWALL -B to return via original path.
4. Define that all the traffic from 192.168.1.0 network that wants to go to 192.168.31.0
routed by the gateway, the host of 192.168.1.254. The configuration is as shown below.
All contents copyright (c) 2007 ZyXEL Communications Corporation.
ZyWALL 1050/ZyWALL USG 300 Support Notes
134