Star-Mesh Mixed Topology - ZyXEL Communications ZYWALL USG 2000 Support Notes

1.4.3 Star-Mesh Mixed Topology

Frankfurt
London
In a Star-mesh mixed VPN topology, ZyWALL USG2000 acts as a regional central site
(enabling Hub & Spoke VPN) and spoke sites can be any model of ZyWALL series. The
Star – Mesh Mixed Topology is well suited for an enterprise having a regional operation
center acting as a regional hub and spoke VPN network in the area. The connection between
each regional operation center will be backbone VPN tunnel. To ensure the communication
continuity, we can use VPN HA (secondary security gateway) to configure a backup VPN
tunnel in case the primary VPN connection failure.
We use the below presented network topology to explain how to configure Star-Mesh
Mixed Topology between all the ZyWALL series devices. The ZyWALL USG2000 act as a
Regional Center devices whereas ZyWALL 2 Plus, 5, 35 and 70 are the regional remote sites'
devices which are building VPN tunnel back to the Regional Center and provide connection
with the other area remote nodes via the VPN tunnel between the two Regional Centers.
All contents copyright (c) 2008 ZyXEL Communications Corporation.
In a Star-Mesh mixed VPN topology,
any user in a spoke site (in here it's
Frankfurt) can access the resources
on another spoke site (London) via the
EU central site – Amsterdam
Backbone tunnel
EU Central site
Amsterdam
If an user in London site needs to access resources
outside the EU sites, i.e. Tokyo site, the traffic will be
routed to the Asia central site (Singapore) then again
routed to the final destination – Tokyo spoke site
ZyWALL USG 2000 Support Notes
Asia Central site
Singapore
Backup tunnel
Taipei
An user in a spoke site
(in here it's Taipei) can
access the resources
on regional central
site – Singapore
Tokyo
83