ZyXEL Communications ZYWALL USG 2000 Support Notes page 16

7) Create VPN by selecting ZyWALL > VPN > IPSec VPN > VPN Connection > Edit. As
for more detail, user can refer to the user guide to complete the rest of the settings for VPN
tunnel.
8) The ZyWALL1050 and ZyWALL USG 2000 VPN are route-based VPN. This means the
VPN tunnel can be an interface to route the VPN traffic. Thus, we need to configure a
policy route for VPN traffic from the local subnet to the remote subnet after configuring
the VPN gateway and connection (phase1 and phase2). The purpose of this policy route is
to tell the ZyWALL1050 to send the traffic to VPN tunnel when the traffic flows from the
local subnet to a destination that is in the remote subnet. Switch to ZyWALL 1050 >
Network > Routing > Policy Route and add a new policy route. The source and the
destination addresses are the local and remote subnets. The Next-Hop type is VPN tunnel.
Then choose the corresponding VPN connection rule from the VPN tunnel drop down
menu. Now, the VPN tunnel and routing is configured and user can start to test it.
Tips for application:
1. Make sure the presharekey is the same in both local and remote gateways.
2. Make sure the IKE & IPSec proposal is the same in both local and remote gateways.
All contents copyright (c) 2008 ZyXEL Communications Corporation.
ZyWALL USG 2000 Support Notes
16