Figure 219 Overlap In A Dynamic Vpn Rule - ZyXEL Communications ZYWALL 35 User Manual

Chapter 18 IPSec VPN
18.14.1.1 Dynamic VPN Rule
Local and remote network IP addresses can overlap when you configure a dynamic VPN rule
for a remote site (see
configure the local network as 192.168.1.0/24 and the remote network as any (0.0.0.0). The
"any" includes all possible IP addresses. It will forward traffic from network A to network B
even if both the sender (for example 192.168.1.8) and the receiver (for example 192.168.1.9)
are in network A. Note that the remote access can still use the VPN tunnel to access computers
on ZyWALL X's network.

Figure 219 Overlap in a Dynamic VPN Rule

192.168.1.0/24
• Setting Local and Remote IP Address Conflict Resolution to The Local Network
has the ZyWALL X check if a packet's destination is also at the local network before
forwarding the packet. If it is, the ZyWALL sends the traffic to the local network.
• Setting Local and Remote IP Address Conflict Resolution to The Remote
Network disables the checking for local network IP addresses.
18.14.1.2 IP Alias
You could have an IP alias network that overlaps with the VPN remote network (see
220). For example, you have an IP alias network M (10.1.2.0/24) in ZyWALL X's LAN. For
the VPN rule, you configure the VPN network as follows.
• Local IP address start: 192.168.1.1, end: 192.168.1.254
• Remote IP address start: 10.1.2.240, end: 10.1.2.254
• IP addresses 10.1.2.240 to 10.1.2.254 overlap.
386
Figure 219). For example, when you configure ZyWALL X, you
0.0.0.0
ZyWALL 5/35/70 Series User's Guide
Figure