[PDF] [PDF] ZyWALL/USG Series Handbook - Geizhals Static Content


1/255 www.zyxel.com

ZyWALL/USG Series

ZyWALL 110 / 310 / 1100

USG40 / USG40W / USG60 / USG60W / USG110 /

USG210 / USG310 / USG1100 / USG1900

Security Firewalls

Firmware Version 4.13 ~ 4.15

Edition 1, 7/2016

Handbook

Default Login Details

LAN Port IP Address https://192.168.1.1

User Name admin

Password 1234

Copyright © 2016 ZyXEL Communications Corporation

Table of Contents

How to Configure Site-to-site IPSec VPN with Amazon VPC
  Set Up the IPSec VPN Tunnel on the Amazon VPC
  Set Up the IPSec VPN Tunnel on the ZyWALL/USG
  Test the IPSec VPN Tunnel
  What Could Go Wrong?

How to Configure GRE over IPSec VPN Tunnel
  Set Up the ZyWALL/USG GRE over IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG GRE over IPSec VPN Tunnel of Corporate Network (Branch)
  Test the GRE over IPSec VPN Tunnel
  What Could Go Wrong?

How to Configure IPSec Site to Site VPN while one Site is behind a NAT router
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (Branch)
  Set Up the NAT Router (Using ZyWALL USG device in this example)
  Test the IPSec VPN Tunnel
  What Could Go Wrong?

How to Configure L2TP over IPSec VPN while the ZyWALL/USG is behind a NAT router
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG_HQ
  Set Up the NAT Router (Using ZyWALL USG device in this example)
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?

How to configure if I want user can only see SSL VPN Login button in web portal login page
  Set Up the DNS Service
  Set Up the ZyWALL/USG SSL VPN Setting
  Set Up the ZyWALL/USG System Setting
  Test the SSL VPN

How to Configure an SSL VPN Tunnel (with SecuExtender version 4.0.0.1) on the Windows 10 Operating System
  Set up the SSL VPN Tunnel with Windows 10
  What Can Go Wrong?

How to redirect multiple LAN interface traffic to the VPN tunnel
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (Branch)
  Set up the Policy Route (ZyWALL/USG_HQ)
  Set up the Policy Route (ZyWALL/USG_Branch)
  Test the IPSec VPN Tunnel
  What Could Go Wrong?

How to Configure IPSec VPN Failover
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (HQ)
  Set Up the ZyWALL/USG IPSec VPN Tunnel of Corporate Network (Branch)
  Set up the WAN Trunk (ZyWALL/USG_HQ)
  Set up the Failover Command Line (ZyWALL/USG HQ)
  Test the IPSec VPN Tunnel
  What Could Go Wrong?

How to Create VTI and Configure VPN Failover with VTI
  VTI Deployment Flow
  Set Up the ZyWALL/USG VTI of Corporate Network (HQ)
  Set Up the ZyWALL/USG VTI of Corporate Network (Branch)
  Test the IPSec VPN Tunnel
  What Can Go Wrong?

How to Import ZyWALL/USG Certificate for L2TP over IPsec in Android mobile phone
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG
  Export a Certificate from ZyWALL/USG and Import it to Android Mobile Phone
  Set Up the L2TP VPN Tunnel on the Android Mobile Device
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?

How to Import ZyWALL/USG Certificate for L2TP over IPsec in IOS mobile phone
  Set Up the L2TP VPN Tunnel on the ZyWALL/USG
  Export a Certificate from ZyWALL/USG and Import it to iOS Mobile Phone
  Set Up the L2TP VPN Tunnel on the iOS Mobile Device
  Test the L2TP over IPSec VPN Tunnel
  What Could Go Wrong?

How to configure the USG when using a Cloud Based SIP system
  Set Up the SIP ALG
  Test result
  What could go wrong?

How to block HTTPS websites by Domain Filter without applying SSL Inspection
  Set Up the Content Filter on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Set Up the System Policy on the ZyWALL/USG
  Test the Result

How to configure Content Filter 2.0 - Geo IP Blocking
  Set Up the Address Object with Geo IP on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Test the Result
  What could go wrong

How to block the client accessing to certain country using Geo IP and Content Filter
  Check Geo IP License Status on the ZyWALL/USG
  Set Up the Address Object with Geo IP on the ZyWALL/USG
  Set Up the Security Policy on the ZyWALL/USG
  Test the Result

How to set up Link Aggregation Group (LAG)
  Set up the Active-backup, 802.3ad, Balance-alb
  Set up the active-backup mode.
  Test the Result
  What can go wrong

How to Restrict Web Portal access from the Internet
  Set Up the ZyWALL/USG System Setting
  Test the Web Access

How to Setup and Configure Daily Report
  Set Up the ZyWALL/USG Email Daily Report Setting
  Test the Daily Log Report
  What Could Go Wrong?

How to Setup and Configure Email Logs
  Set Up the ZyWALL/USG Email Logs Setting
  Test the Email Log
  What Could Go Wrong?

How to setup and send logs to a Syslog Server
  Set Up the Syslog Server (Use Papertrail syslog in this example)
  Set Up the ZyWALL/USG Remote Server Setting
  Test the Remote Server
  What Could Go Wrong?

How to setup and send logs to a Vantage Reports Server
  Set Up the VRPT Server
  Set Up the ZyWALL/USG Remote Server Setting
  Test the Remote Server
  What Could Go Wrong?

How to enable and send logs to the USB storage
  Set Up the USB System Settings
  Set Up the USB Log Storage
  Check the USG Log Files

How to create a Wi-Fi VLAN interfaces to separate staff network and Guest network
  Set up Wi-Fi VLAN interfaces
  Test result.
  What could go wrong

How to Activate a Free Access Hotspot
  Set up the Free Access Hotspot
  Test the User Agreement and Advertisement Webpage
  What could Go Wrong?
  Set up Enable the Free Time Feature
  Test Free Time Feature
  What Can Go Wrong?

How to Enable Device HA Pro
  Device HA Pro License
  Behavior of the Device HA Pro
  Suggestions
  How do I Configure Device HA Pro in My Current Environment?
  What can go wrong

How to Set Up IPv6 Interfaces For Pure IPv6 Routing
  Setting Up the IPv6 Interface
  Set up the Prefix Delegation and Router Advertisement
  Test
  What Can Go Wrong?
  Test

How to Perform and Use the Packet Capture Feature on the ZyWALL/USG
  Set Up the Packet Capture Feature
  Check the Capture Files

How to Automatically Reboot the ZyWALL/USG by Schedule
  Set Up the Shell Script
  Set Up the Schedule Run
  Check the Reboot Status

How to continuously run a ZySH script
  Set Up the Shell Script
  Set Up the Schedule Run
  Check the Result

How to Configure Site-to-site IPSec VPN with Amazon VPC

This example shows how to use the VPN Setup Wizard to create a site-to-site VPN between a ZyWALL/USG and an Amazon VPC platform. The example shows how to configure the VPN tunnel at each site. When the VPN tunnel is configured, each site can be accessed securely.

Figure 1 ZyWALL/USG Site-to-site IPSec VPN with Amazon VPC

Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG110 (Firmware Version: ZLD 4.15) and Amazon VPC (June, 2016).

Set Up the IPSec VPN Tunnel on the Amazon VPC

1 Sign into the Amazon AWS Management Console. Go to Networking > VPC.

Figure 2 Amazon AWS Management Console > Networking > VPC

2 In the upper left-hand corner of the screen, click Start VPC Wizard.

Figure 3 Amazon VPC Management Console > Networking > VPC > Start VPC Wizard

3 In Select a VPC Configuration, select VPC with a Private Subnet Only and Hardware VPN Access, and then click Select.

Figure 4 Select a VPC Configuration > VPC with a Private Subnet Only and Hardware VPN Access

4 In VPC with a Private Subnet Only and Hardware VPN, add your IP CIDR block and Private subnet. Click Next.

Figure 5 VPC with a Private Subnet Only and Hardware VPN

5 In Configure your VPN, add your ZyWALL/USG public IP address into Customer Gateway IP. Enter your Customer Gateway name and VPN Connection name. Click Create VPC at the bottom of the blade.

Figure 6 Configure your VPN

6 In the VPC Dashboard, go to VPN Connections. Select Download Configuration from the upper bar. Select Vendor and Platform to be Generic. Click Yes, Download.

Figure 7 VPC Dashboard > VPN Connections

7 Open the downloaded configuration .txt file; it displays IKE SA, IPSec SA and setting.

Figure 8 Configuration txt. File

Set Up the IPSec VPN Tunnel on the ZyWALL/USG

In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard, use the VPN Settings wizard to create a VPN rule that can be used with the Amazon VPC. Click Next.

Figure 9 Quick Setup > VPN Setup Wizard > Welcome

Choose Advanced to create a VPN rule with customized phase 1 and phase 2 settings and authentication method. Click Next.

Figure 10 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type

Type the Rule Name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters. This value is case-sensitive. Select the rule to be Site-to-site. Click Next.

Figure 11 Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Scenario)

Then, configure the Secure Gateway IP as the peer Amazon VPC's Gateway IP address (in the example, 52.39.135.203); select My Address to be the interface connected to the Internet. Set the Negotiation, Encryption, Authentication, Key Group and SA Life Time to values which Amazon VPC supports. Type a secure Pre-Shared Key.

Figure 12 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Phase 1 Setting)

Continue to Phase 2 Settings to select the Encapsulation, Encryption, Authentication, and SA Life Time settings which Amazon VPC supports. Set Local Policy to be the IP address range of the network connected to the ZyWALL/USG and Remote Policy to be the IP address range of the network connected to the Amazon VPC. Click OK.

Figure 13 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Phase 2 Setting)

This screen provides a read-only summary of the VPN tunnel. Click Save.

Figure 14 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Summary)

Now the rule is configured on the ZyWALL/USG. The Phase 1 rule settings appear in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings appear in the VPN > IPSec VPN > VPN Connection screen. Click Close to exit the wizard.

Figure 15 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings > Wizard Completed

Test the IPSec VPN Tunnel

Go to ZyWALL/USG CONFIGURATION > VPN > IPSec VPN > VPN Connection, click Connect on the upper bar. The Status connect icon is lit when the interface is connected.

Figure 16 CONFIGURATION > VPN > IPSec VPN > VPN Connection

Go to ZyWALL/USG MONITOR > VPN Monitor > IPSec and verify the tunnel Up Time and the Inbound(Bytes)/Outbound(Bytes) traffic.

Figure 17 MONITOR > VPN Monitor > IPSec

To test whether or not a tunnel is working, ping from a Local LAN to AWS VPC private Subnet for verification. Ensure that both computers have Internet access.

Figure 18 Ping from Local LAN to AWS VPC private Subnet for verification

What Could Go Wrong?

If you see the [info] or [error] log message below, please check the ZyWALL/USG Phase 1 Settings. Make sure your ZyWALL/USG Phase 1 Settings are supported in the Amazon VPC IKE Phase 1 setup list.

Figure 19 MONITOR > Log

If you see that the Phase 1 IKE SA process is done but still get the [info] log message below, please check the ZyWALL/USG Phase 2 Settings. Make sure your ZyWALL/USG Phase 2 Settings are supported in the Amazon VPC IKE Phase 2 setup list.

Figure 20 MONITOR > Log
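One way to do the Phase 1 / Phase 2 check above before touching the wizard is to compare the planned ZyWALL/USG values with the configuration file downloaded in step 7. This is an added example, not part of the handbook. The sample file text (including its key names and layout), the key placeholder and the PLANNED values are constructed for illustration and may differ from your download.

```python
import re

# Constructed sample in a "- name : value" layout; not a real download.
SAMPLE_CONFIG = """\
#1: Internet Key Exchange Configuration
Configure the IKE SA as follows:
  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : CONSTRUCTED-EXAMPLE-KEY
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 28800 seconds
  - Phase 1 Negotiation Mode : main
  - Diffie-Hellman           : Group 2

#2: IPSec Configuration
Configure the IPSec SA as follows:
  - Protocol                 : esp
  - Authentication Algorithm : hmac-sha1-96
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 3600 seconds
  - Mode                     : tunnel
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2
"""

# Hypothetical values an administrator plans to enter in the wizard,
# keyed by the field names the handbook lists for each phase.
PLANNED = {
    "phase1": {"Negotiation": "main", "Encryption": "aes128",
               "Authentication": "sha1", "Key Group": 2, "SA Life Time": 28800},
    "phase2": {"Encapsulation": "tunnel", "Encryption": "aes128",
               "Authentication": "sha1", "SA Life Time": 86400},
}

# Wizard field -> key name in the (assumed) file layout.
FIELD_MAP = {
    "phase1": {"Negotiation": "phase 1 negotiation mode",
               "Encryption": "encryption algorithm",
               "Authentication": "authentication algorithm",
               "Key Group": "diffie-hellman",
               "SA Life Time": "lifetime"},
    "phase2": {"Encapsulation": "mode",
               "Encryption": "encryption algorithm",
               "Authentication": "authentication algorithm",
               "SA Life Time": "lifetime"},
}

SECTION_RE = re.compile(r"^#\d+:\s*(.+)$")
FIELD_RE = re.compile(r"^\s*-\s*([^:]+?)\s*:\s*(.+?)\s*$")


def parse_generic_config(text):
    """Return {'phase1': {...}, 'phase2': {...}} of raw name/value fields."""
    phases = {"phase1": {}, "phase2": {}}
    current = None
    for line in text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            title = section.group(1).lower()
            if "internet key exchange" in title:
                current = "phase1"
            elif "ipsec" in title:
                current = "phase2"
            else:
                current = None
            continue
        field = FIELD_RE.match(line)
        if field and current:
            phases[current][field.group(1).lower()] = field.group(2)
    return phases


def _first_int(text):
    match = re.search(r"\d+", text)
    if not match:
        raise ValueError(f"no number in {text!r}")
    return int(match.group())


def normalize(name, value):
    """Reduce a file value to the short form used in PLANNED."""
    v = value.strip().lower()
    if name in ("lifetime", "diffie-hellman"):
        return _first_int(v)                      # seconds or DH group number
    if name == "encryption algorithm":
        m = re.match(r"(aes|3des|des)-?(\d+)?", v)
        return m.group(1) + (m.group(2) or "") if m else v
    if name == "authentication algorithm":
        return re.sub(r"^hmac-(.+?)-\d+$", r"\1", v)  # hmac-sha1-96 -> sha1
    return v


def compare(planned, text):
    """List (phase, wizard field, detail) for every value that differs."""
    peer = parse_generic_config(text)
    differences = []
    for phase, fields in FIELD_MAP.items():
        for wizard_name, file_key in fields.items():
            raw = peer[phase].get(file_key)
            if raw is None:
                differences.append((phase, wizard_name, "not found in file"))
                continue
            want, have = normalize(file_key, raw), planned[phase][wizard_name]
            if have != want:
                differences.append(
                    (phase, wizard_name, f"planned {have!r}, peer expects {want!r}"))
    return differences


def redact(text):
    """Mask the pre-shared key before the file is shared or attached to a ticket."""
    return re.sub(r"(?im)^(\s*-\s*Pre-Shared Key\s*:\s*).+$", r"\1<redacted>", text)


if __name__ == "__main__":
    for item in compare(PLANNED, SAMPLE_CONFIG):
        print(item)
```

The downloaded file contains the pre-shared key in clear text, so pass it through `redact()` before sharing it.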


How to Configure GRE over IPSec VPN Tunnel

This example shows how to use the VPN Setup Wizard to create a GRE over IPSec VPN tunnel between ZyWALL/USG devices. The example shows how to configure the VPN tunnel at each site. When the GRE over IPSec VPN tunnel is configured, each site can be accessed securely.

Figure 21 ZyWALL/USG GRE over IPSec VPN

Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG110 (Firmware Version: ZLD 4.15) and ZyWALL 310 (Firmware Version: ZLD 4.15).

Set Up the ZyWALL/USG GRE over IPSec VPN Tunnel of Corporate Network (HQ)

In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard, use the VPN Settings wizard to create a VPN rule that can be used with the FortiGate. Click Next.

Figure 22 Quick Setup > VPN Setup Wizard > Welcome

Choose Express to create a VPN rule with the default phase 1 and phase 2 settings and use a pre-shared key as the authentication method. Click Next.

Figure 23 Quick Setup > VPN Setup Wizard > Wizard Type

Type the Rule Name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters. This value is case-sensitive. Select the rule to be Site-to-site. Click Next.

Figure 24 Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Scenario)

Configure Secure Gateway IP as the Branch's WAN IP address (in the example, 111.250.184.80). Then, type a secure Pre-Shared Key (8-32 characters).

Set Local Policy to be the IP address range of the network connected to the ZyWALL/USG (HQ) and Remote Policy to be the IP address range of the network connected to the ZyWALL/USG (Branch).

Figure 25 Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Configuration)

This screen provides a read-only summary of the VPN tunnel. Click Save.

Figure 26 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Summary)

Now the rule is configured on the ZyWALL/USG. The Phase 1 rule settings appear in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings appear in the VPN > IPSec VPN > VPN Connection screen. Click Close to exit the wizard.

Figure 27 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings > Wizard Completed

Go to CONFIGURATION > VPN > IPSec VPN > VPN Gateway > Show Advanced Settings. Configure Authentication > Peer ID Type as Any so that the ZyWALL/USG does not check the identity content of the remote IPSec router.

Figure 28 CONFIGURATION > VPN > IPSec VPN > VPN Gateway > Show Advanced Settings > Authentication > Peer ID Type

Go to CONFIGURATION > VPN > IPSec VPN > VPN Connection > Show Advanced Settings > Policy. Select Enable GRE over IPSec.

Figure 29 CONFIGURATION > VPN > IPSec VPN > VPN Connection > Show Advanced Settings > Policy

The GRE tunnel runs between the IPsec public interface on the HQ unit and the Branch unit. Go to CONFIGURATION > Network > Interface > Tunnel > Add. Enter the Interface Name (The format is tunnelx, where x is 0 - 3.). Enter the IP Address and Subnet Mask for this interface. Specify My Address to be the interface or IP address to use as the source address for the packets this interface tunnels to the remote gateway. Enter Remote Gateway Address to be the IP address or domain name of the remote gateway to which this interface tunnels traffic.

Figure 30 CONFIGURATION > Network > Interface > Tunnel > Add

Set Up the ZyWALL/USG GRE over IPSec VPN Tunnel of Corporate Network (Branch)

In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard, use the VPN Settings wizard to create a VPN rule that can be used with the FortiGate. Click Next.

Figure 31 Quick Setup > VPN Setup Wizard > Welcome

Choose Express to create a VPN rule with the default phase 1 and phase 2 settings and use a pre-shared key as the authentication method. Click Next.

Figure 32 Quick Setup > VPN Setup Wizard > Wizard Type

Type the Rule Name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters. This value is case-sensitive. Select the rule to be Site-to-site. Click Next.

Figure 33 Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Scenario)

Configure Secure Gateway IP as the HQ's WAN IP address (in the example, 61.228.245.247). Then, type a secure Pre-Shared Key (8-32 characters).

Set Local Policy to be the IP address range of the network connected to the ZyWALL/USG (Branch) and Remote Policy to be the IP address range of the network connected to the ZyWALL/USG (HQ).

Figure 34 Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Configuration)

This screen provides a read-only summary of the VPN tunnel. Click Save.

Figure 35 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Summary)

Now the rule is configured on the ZyWALL/USG. The Phase 1 rule settings appear in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings appear in the VPN > IPSec VPN > VPN Connection screen. Click Close to exit the wizard.

Figure 36 Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings > Wizard Completed

Go to CONFIGURATION > VPN > IPSec VPN > VPN Gateway > Show Advanced Settings. Configure Authentication > Peer ID Type as Any so that the ZyWALL/USG does not check the identity content of the remote IPSec router.

Figure 37 CONFIGURATION > VPN > IPSec VPN > VPN Gateway > Show Advanced Settings > Authentication > Peer ID Type

Go to CONFIGURATION > VPN > IPSec VPN > VPN Connection > Show Advanced Settings > Policy. Select Enable GRE over IPSec.

Figure 38 CONFIGURATION > VPN > IPSec VPN > VPN Connection > Show Advanced Settings > Policy

The GRE tunnel runs between the IPsec public interface on the Branch unit and the HQ unit. Go to CONFIGURATION > Network > Interface > Tunnel > Add. Enter the Interface Name (The format is tunnelx, where x is 0 - 3.). Enter the IP Address and Subnet Mask for this interface. Specify My Address to be the interface or IP address to use as the source address for the packets this interface tunnels to the remote gateway. Enter Remote Gateway Address to be the IP address or domain name of the remote gateway to which this interface tunnels traffic.

Figure 39 CONFIGURATION > Network > Interface > Tunnel > Add

Test the GRE over IPSec VPN Tunnel

Go to ZyWALL/USG CONFIGURATION > VPN > IPSec VPN > VPN Connection, click Connect on the upper bar. The Status connect icon is lit when the interface is connected.

Figure 40 CONFIGURATION > VPN > IPSec VPN > VPN Connection

Go to ZyWALL/USG MONITOR > VPN Monitor > IPSec and verify the tunnel Up Time and Inbound (Bytes)/Outbound (Bytes) Traffic.

Figure 41 MONITOR > VPN Monitor > IPSec

What Could Go Wrong?

If you see the [info] or [error] log message below, please check the ZyWALL/USG Phase 1 Settings. Make sure your ZyWALL/USG Phase 1 Settings are supported in the Amazon VPC IKE Phase 1 setup list.

Figure 42 MONITOR > Log

If you see that the Phase 1 IKE SA process is done but still get the [info] log message below, please check the ZyWALL/USG Phase 2 Settings. Make sure your ZyWALL/USG Phase 2 Settings are supported in the Amazon VPC IKE Phase 2 setup list.

Figure 43 MONITOR > Log

How to Configure IPSec Site to Site VPN while one Site is behind a NAT router

This example shows how to use the VPN Setup Wizard to create an IPSec Site to Site VPN tunnel between ZyWALL/USG devices. The example shows how to configure the VPN tunnel at each site while one Site is behind a NAT router. When the IPSec Site to Site VPN tunnel is configured, each site can be accessed securely.

Figure 44 ZyWALL/USG Site to Site VPN while one Site is behind a NAT router

Note: All network IP addresses and subnet masks are used as examples in this article.