ZyXEL Communications ZyWALL USG 2000 User Manual page 132

Chapter 7 Tutorials
• My Address: 10.0.0.1
• Peer Gateway Address: 10.0.0.2
VPN Connection (VPN Tunnel 1):
• Local Policy: 192.168.168.0~192.168.169.255
• Remote Policy:192.168.167.0/255.255.255.0
• Disable Policy Enforcement
VPN Gateway (VPN Tunnel2):
• My Address: 10.0.0.1
• Peer Gateway Address: 10.0.0.3
VPN Connection (VPN Tunnel 2):
• Local Policy: 192.168.167.0~192.168.168.255
• Remote Policy: 192.168.169.0/255.255.255.0
• Disable Policy Enforcement
Branch Office B (ZyWALL USG):
VPN Gateway:
• My Address: 10.0.0.3
• Peer Gateway Address: 10.0.0.1
VPN Connection:
• Local Policy: 192.168.169.0/255.255.255.0
• Remote Policy: 192.168.167.0~192.168.168.255
• Disable Policy Enforcement
7.5.0.1 Hub-and-spoke VPN Requirements and Suggestions
Consider the following when implementing a hub-and-spoke VPN.
• This example uses a wide range for the ZyNOS-based ZyWALL's remote
network, to use a narrower range, see
example of configuring a VPN concentrator.
• The local IP addresses configured in the VPN rules should not overlap.
• The hub router must have at least one separate VPN rule for each spoke. In the
local policy, specify the IP addresses of the hub-and-spoke networks with which
the spoke is to be able to have a VPN tunnel. This may require you to use more
than one VPN rule.
132
Section 25.4.1 on page 465
ZyWALL USG 2000 User's Guide
for an