ZyXEL Communications 2WG User Manual

Page 48


ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.


when the peer VPN entity also supports the NAT Traversal function. If yes, the IPSec traffic will be encapsulated in UDP packets to avoid traversal problems on NAT routers.

4) Under VPN -> Gateway Policy -> Gateway Policy Information, configure the private IP address as “My Address” on the local ZyWALL gateway (behind the NAT router).

5) On the peer VPN gateway, use the public WAN IP address of the NAT router as the “Remote Gateway Address” of the Gateway Policy rule.

The ID must be consistent whether IP, DNS or E-mail is used; what matters is that the ID Type and content are consistent on both VPN entities.

Mapping multiple network policies to the same gateway policy

This section describes an example configuration that maps multiple (different) network policies to the same gateway policy, which is built between two VPN gateways. Different network policies allow users in one network to access multiple destination networks that are not in a continuous range. The other feature of this application is to limit some users to specific destinations and prevent others from accessing the same network.

In the following example, the owner of PC1 belongs to the financial department and needs to connect to the financial department (Dept.1) for business-sensitive applications. PC2 belongs to another group (Dept.2) and needs to access Dept.2.

[Figure: network diagram. Labels: Internet; PC1, PC2; GW1, GW2; Dept. 1, Dept. 2; IKE Tunnel; IPSec Tunnel 1 / VPN tunnel 1; IPSec Tunnel 2 / VPN tunnel 2; Traffic (PC1 <–> Dept1); Traffic (PC2 <–> Dept2).]
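The selector logic behind this setup, as an added example that is not from the ZyXEL manual: a Python model in which each network policy is a local/remote address pair under one gateway policy, a flow is carried only by a policy whose ranges cover both ends, and policies with overlapping ranges are flagged. All addresses, policy names and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkPolicy:
    name: str
    local: ipaddress.IPv4Network    # addresses allowed to enter this tunnel
    remote: ipaddress.IPv4Network   # destination network behind the peer gateway

    def matches(self, src: str, dst: str) -> bool:
        return (ipaddress.ip_address(src) in self.local
                and ipaddress.ip_address(dst) in self.remote)

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed addressing (assumption, not taken from the manual).
PC1, PC2 = "192.168.1.33", "192.168.1.34"
POLICIES = [
    NetworkPolicy("tunnel1-finance", net("192.168.1.33/32"), net("10.1.0.0/24")),
    NetworkPolicy("tunnel2-dept2", net("192.168.1.34/32"), net("10.3.0.0/24")),
]

def select_policy(policies, src, dst):
    """Return the name of the single policy whose selectors cover the flow, or None."""
    hits = [p.name for p in policies if p.matches(src, dst)]
    if len(hits) > 1:
        raise ValueError(f"ambiguous selectors for {src}->{dst}: {hits}")
    return hits[0] if hits else None

def overlapping(policies):
    """Pairs of policies whose local AND remote ranges both overlap."""
    return [(a.name, b.name)
            for i, a in enumerate(policies) for b in policies[i + 1:]
            if a.local.overlaps(b.local) and a.remote.overlaps(b.remote)]

def audit(policies, flows):
    """Map each (src, dst) flow to the policy that would carry it."""
    return {flow: select_policy(policies, *flow) for flow in flows}

if __name__ == "__main__":
    flows = [(PC1, "10.1.0.10"), (PC2, "10.3.0.10"), (PC2, "10.1.0.10")]
    for flow, tunnel in audit(POLICIES, flows).items():
        print(flow, "->", tunnel or "no matching network policy")
    print("overlaps:", overlapping(POLICIES))
```

Running `overlapping` over a planned policy set before entering it on both gateways catches a broad range that would silently let PC2 into the Dept. 1 network.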
