Configure Security Policies For The Vpn Tunnel; How To Configure User-Aware Access Control - ZyXEL Communications ISG50-ISDN User Manual

Integrated service gateway

Chapter 7 General Tutorials
4 Enable the VPN connection and name it ("VPN_CONN_EXAMPLE"). Under VPN Gateway select
Site-to-site and the VPN gateway (VPN_GW_EXAMPLE). Under Policy, select LAN1_SUBNET
for the local network and VPN_REMOTE_SUBNET for the remote. Click OK.

Figure 85 Configuration > VPN > IPSec VPN > VPN Connection > Add

5 Now set up the VPN settings on the peer IPSec router and try to establish the VPN tunnel. To trigger
the VPN, either try to connect to a device on the peer IPSec router's LAN or click Configuration >
VPN > IPSec VPN > VPN Connection and use the VPN connection screen's Connect icon.

7.4.3 Configure Security Policies for the VPN Tunnel

You configure security policies based on zones. The new VPN connection was assigned to the
IPSec_VPN zone. By default, there are no security restrictions on the IPSec_VPN zone, so, next,
you should set up security policies (firewall rules, ADP, and so on) that apply to the IPSec_VPN
zone. Make sure all firewalls between the ISG50 and remote IPSec router allow UDP port 500 (IKE)
and IP protocol 50 (AH) or 51 (ESP). If you enable NAT traversal, all firewalls between the ISG50
and remote IPSec router should also allow UDP port 4500.
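
The Python below is an added example, not taken from the ZyXEL manual. It audits an ordered, first-match rule list for a firewall sitting between the ISG50 and the remote IPSec router and reports which of the flows named above it would drop. The rule model, the default-deny behavior, and all names are assumptions made for illustration, and the sample rules are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One rule of a hypothetical intermediate firewall (not an ISG50 object)."""
    action: str                  # "allow" or "deny"
    proto: str                   # "udp", "esp", "ah" or "any"
    dport: Optional[int] = None  # None = any port (ESP and AH have no ports)


def verdict(rules: List[Rule], proto: str, dport: Optional[int] = None) -> str:
    """First matching rule wins; traffic matching no rule is denied (assumed)."""
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"


def blocked_ipsec_flows(rules: List[Rule], ipsec_proto: str = "esp",
                        nat_traversal: bool = False) -> List[str]:
    """List the flows the tunnel needs that this rule list would drop.

    ipsec_proto is the active protocol of the VPN connection ("esp" or "ah").
    """
    blocked = []
    if verdict(rules, "udp", 500) != "allow":
        blocked.append("IKE (UDP 500)")
    if verdict(rules, ipsec_proto) != "allow":
        blocked.append(ipsec_proto.upper())
    if nat_traversal and verdict(rules, "udp", 4500) != "allow":
        blocked.append("NAT traversal (UDP 4500)")
    return blocked


# Constructed sample: IKE is open, but a blanket UDP deny placed before the
# UDP 4500 rule shadows it, and only AH (not ESP) is permitted.
SAMPLE_RULES = [
    Rule("allow", "udp", 500),
    Rule("deny", "udp"),
    Rule("allow", "udp", 4500),
    Rule("allow", "ah"),
]

if __name__ == "__main__":
    print(blocked_ipsec_flows(SAMPLE_RULES, "esp", nat_traversal=True))
```

With the sample rules, IKE negotiation would succeed but an ESP tunnel with NAT traversal would pass no traffic, which is the symptom to look for when a tunnel comes up and then stays silent.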

7.5 How to Configure User-aware Access Control

You can configure many policies and security settings for specific users or groups of users. This is
illustrated in the following example, where you will set up the following policies. This is a simple
ISG50 User's Guide


This manual is also suitable for:

Isg50
