15 vpn and remote management, 16 hub-and-spoke vpn, Figure 188 vpn for remote management example – ZyXEL Communications 5 Series User Manual

ZyWALL 5/35/70 Series User’s Guide

Chapter 18 IPSec VPN

18.15 VPN and Remote Management

You can allow someone to use a service (like Telnet or HTTP) through a VPN tunnel to
manage the ZyWALL. One of the ZyWALL’s ports must be part of the VPN rule’s local
network. This can be the ZyWALL’s LAN port if you do not want to allow remote
management on the WAN port. You also have to configure remote management (REMOTE
MGMT) to allow management access for the service through the specific port.

In the following example, the VPN rule’s local network (A) includes the ZyWALL’s LAN IP
address of 192.168.1.7. Someone in the remote network (B) can use a service (like HTTP for
example) through the VPN tunnel to access the ZyWALL’s LAN interface. Remote
management must also be configured to allow HTTP access on the ZyWALL’s LAN interface.

Figure 188 VPN for Remote Management Example
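
The two conditions described above (a ZyWALL port inside the VPN rule's local network, and remote management allowing the service on that port) can be checked together. The following Python is an added example, not ZyXEL code or part of the original guide; the data model (an address range for the rule, a port-to-address map, a per-service set of allowed ports), the range 192.168.1.1 to 192.168.1.254 and the WAN address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. Only the LAN address 192.168.1.7 comes from the guide.
IFACES = {"LAN": "192.168.1.7", "WAN": "203.0.113.10"}
RULE_LOCAL = ("192.168.1.1", "192.168.1.254")  # assumed local network (A)


def check_vpn_mgmt(local_start, local_end, interfaces, remote_mgmt, service):
    """Return (reachable, findings) for managing the device through the tunnel.

    local_start/local_end: the VPN rule's local network as an address range.
    interfaces: port name -> device address on that port.
    remote_mgmt: service name -> set of ports on which the service is allowed.
    """
    lo = ipaddress.ip_address(local_start)
    hi = ipaddress.ip_address(local_end)
    allowed = remote_mgmt.get(service, set())
    findings = []

    # Condition 1: one of the device's ports lies inside the rule's local network.
    in_rule = [port for port, addr in interfaces.items()
               if lo <= ipaddress.ip_address(addr) <= hi]
    if not in_rule:
        findings.append("no device port inside the VPN rule's local network")

    # Condition 2: remote management allows the service on that port.
    usable = [port for port in in_rule if port in allowed]
    if in_rule and not usable:
        findings.append(f"{service} not allowed on {', '.join(in_rule)} "
                        "in remote management")

    # Exposure check: the service is also allowed on a port the rule does not cover.
    for port in sorted(allowed - set(in_rule)):
        findings.append(f"{service} also allowed on {port}, outside the VPN rule")

    return bool(usable), findings


if __name__ == "__main__":
    for mgmt in ({"HTTP": {"LAN"}}, {"HTTP": set()}, {"HTTP": {"LAN", "WAN"}}):
        print(mgmt, check_vpn_mgmt(*RULE_LOCAL, IFACES, mgmt, "HTTP"))
```

The third case is the one to watch for when the tunnel is meant to be the only management path: access works through the VPN, but HTTP is also open on the WAN port.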

18.16 Hub-and-spoke VPN

Hub-and-spoke VPN connects VPN tunnels to form one secure network. Figure 189 on page 359
shows some example network topologies. In the first (fully-meshed) approach, there is a
VPN connection between every pair of routers. In the second (hub-and-spoke) approach,
there is a VPN connection between each spoke router (B, C, D, and E) and the hub router
(A). The hub router routes VPN traffic between the spoke routers and itself.

Local ID Content: [email protected]

Peer ID Content: [email protected]

Local IP Address: 192.168.4.15

Remote Gateway Address: telecommuterc.dydns.org

Remote Address: 192.168.4.15

Table 103 Telecommuters Using Unique VPN Rules Example

TELECOMMUTERS

HEADQUARTERS