ZyXEL Communications ZYWALL USG 1000 Support Notes page 22

ZyWALL70 local and remote policies are 192.168.2.0 and 192.168.1.0 and the traffic
from 192.168.2.X subnet to 192.168.1.X subnet will go through the VPN tunnel to the
remote site as predefined. The ZyWALL USG 1000 local and remote policies must be
reverse to the ZyWALL70's settings, otherwise the tunnel will not be built up.
7) Check whether the IPSec proposal on both sites is the same and the configuration is done
on both sites.
8) The ZyWALL USG 1000 VPN is a route-based VPN, this means the VPN tunnel can be an
interface to route the VPN traffic. Thus, we need to configure a policy route for VPN
traffic from the local subnet to the remote subnet after configuring the VPN gateway and
the connection (phase1 and phase2). The purpose for this policy route is to tell the
ZyWALL USG 1000 to send the traffic to the VPN tunnel when the traffic goes from the
local subnet to the destination that is in a remote subnet. Switch to Configuration > Policy
> Route > Policy Route and add a new policy route, the source and destination address
are the local and remote subnet and the Next-Hop type is a VPN tunnel. Then choose the
corresponding VPN connection rule from the VPN tunnel drop down menu. Now, the VPN
All contents copyright (c) 2007 ZyXEL Communications Corporation.
ZyWALL USG 1000 Support Notes
5
7
6
22