IPSec tunnel – ZyXEL Communications 2WG User Manual


ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.


Access control and security VPN connection (Security policy enforcement IPSec)

Setup ZyWALL VPN with access control - Firewall

Setup ZyWALL VPN with web filtering rule – Content Filter

Normally, traffic transmitted through a VPN tunnel is treated as a secure connection because of its multiple authentication and encryption methods. Thus, the security gateway won't inspect the VPN traffic, because the traffic is sent as ciphertext rather than plaintext. With the enhanced algorithm we adopted, the ZyWALL can inspect VPN packets before they are encrypted for sending into the VPN tunnel or after they are decrypted on receipt from it.

[Figure: VPN packet flow between the IPSec Local Gateway and the IPSec Remote Gateway across the IPSec tunnel. Labels: Check SPD, Encrypt Packet, Decrypt Packet, Routing, and FW / IDP / AV / AS on each gateway.]

How to configure access control rule over VPN

1. Log into the web configurator on the ZyWALL. In a web browser, enter the IP address of your ZyWALL (the default is 192.168.1.1) in the Address field. When the login screen displays, enter the administrative login password (1234 is the default).

2. Access control for VPN tunnel applications can be enforced via the Firewall feature. Switch to the Security>Firewall menu to configure access control rules for traffic from VPN or to VPN.
