ZyXEL Communications 2WG User Manual
Page 48
ZyWALL 2WG Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
when the peer VPN entity also supports the NAT Traversal function. If yes, the IPSec traffic will be
encapsulated in UDP packets to avoid traversal problems on NAT routers.
4) Under VPN -> Gateway Policy -> Gateway Policy Information, configure the private IP address as
“My Address” on the local ZyWALL gateway (behind the NAT router).
5) On the peer VPN gateway, use the public WAN IP address of the NAT router as the “Remote Gateway
Address” of the Gateway Policy rule.
The ID must be consistent no matter whether IP, DNS or EMAIL is used, that is, the ID Type and content
must be consistent on both VPN entities.
Mapping multiple network policies to the same gateway policy
This section describes an example configuration that maps multiple (different) network policies to the same
gateway policy, which is built between two VPN gateways. Different network policies allow users in one
network to access multiple destination networks that are not in a continuous range. The other feature
of this application is to limit some users to specific destinations and prevent others from
accessing the same network.
In the following example, the owner of PC1 belongs to the financial department and needs to connect to the
financial department (Dept.1) for a business-sensitive application. PC2 belongs to another group (Dept.2) and
needs to access Dept.2.
[Figure: network diagram with PC1, PC2, GW1, the Internet, GW2, Dept. 1 and Dept. 2. Labels: VPN tunnel 1, VPN tunnel 2, IKE Tunnel, IPSec Tunnel 1, IPSec Tunnel 2, Traffic (PC1 <-> Dept1), Traffic (PC2 <-> Dept2).]