ZyXEL Communications ZYWALL USG 1000 Support Notes page 128

Encapsulation
Active
Protocol
Encryption
Authentication
PFS
See the following step-by-step configuration:
1. Configuration on ZyWALL USG-A
(1) LAN/WAN Network Setting
Login ZyWALL USG-A's GUI, go to menu Configuration > Network > Interface. Modify
ge2's IP address to 59.124.163.154 with subnet 255.255.255.224 and gateway 59.124.163.129.
Secondly, modify interface "ge1" to be as LAN network. Here we keep to use the default IP
address "192.168.1.0" with subnet 255.255.255.0. Moreover, configure the DHCP setting as a
DHCP server with the IP poor starting address, pool size accordingly and the proper DNS
server IP address which will apply to LAN PCs automatically. (By default, the "first DNS
server" is configured as "from ISP". Since we configure the static IP address for ge2(WAN), it
won't automatically get any DNS setting from ISP. So we have to change it to "Custom
Defined" and enter a proper DNS server's IP address.)
(2). Dynamic VPN Setting with SNAT
Step1. Create Address Objects for further configuration
1. Go to menu Configuration > Network > Object > Address
2. Create one address for the local VPN network by clicking '+' icon
Name: Local_192_168_1
Subnet, 192.168.1.0/255.255.255.0
3. Create another one for the remote VPN network
Name: Remote_192_168_3
Subnet, 192.168.3.0/255.255.255.0
4. Create another one for the network behind ZyWALL USG-A performing SNAT
Name: Local_192_168_30
Subnet, 192.168.30.0/255.255.255.0
All contents copyright (c) 2007 ZyXEL Communications Corporation.
Tunnel
ESP
DES
SHA1
NONE
ZyWALL USG 1000 Support Notes
Tunnel
ESP
DES
SHA1
NONE
Tunnel
ESP
DES
SHA1
NONE
128