How to Configure IPSec Site to Site VPN while one Site is behind a NAT router

Zyxel_Kevin Posts: 795  Zyxel Employee
edited November 2023 in VPN

This example shows how to use the VPN Setup Wizard to create a site-to-site VPN where the peer gateway is a ZLD device. It shows how to configure the VPN tunnel at each site. Once the VPN tunnel is configured, each site can be accessed securely.

Set up IPSec VPN Tunnel for uOS

VPN > Site to Site VPN > Scenario

Type the VPN name used to identify this VPN connection. Set the type to Site-to-Site. Click Next.

VPN > Site to Site VPN > Scenario > Network

Configure My Address and Peer Gateway Address. Click Next.

VPN > Site to Site VPN > Scenario > Network > Authentication

Type a secure Pre-Shared Key. Click Next.

VPN > Site to Site VPN > Scenario > Network > Authentication > Policy & Routing

Set Local Subnet to the IP address of the network connected to the ZyWALL, and Remote Subnet to the IP address of the network connected to the peer ZyWALL.

VPN > Site to Site VPN > Scenario > Network > Authentication > Policy & Routing > Summary

The screen provides a summary of the VPN tunnel. Click Edit if you want to modify it.

Set up IPSec VPN Tunnel for ZLD

VPN > IPSec VPN > VPN Gateway

Select the WAN interface and type the Peer Gateway Address.

Type the Pre-Shared Key. The default proposal created by the wizard is “Encryption: AES128, Authentication: SHA1, Key Group: DH2”. These are the same as on uOS.

VPN > IPSec VPN > VPN Connection

Select the VPN Gateway, then set Local Subnet to the IP address of the network connected to the ZyWALL and Remote Subnet to the IP address of the network connected to the peer ZyWALL.

The default proposal created by the wizard is “Encryption: AES128, Authentication: SHA1, Key Group: DH2”. These are the same as on uOS.

Test IPSec VPN Tunnel

Go to VPN Status > IPSec VPN

Verify the IPSec VPN status

PC to Branch Office > Win 11 > cmd > ping 192.168.2.34
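
A pre-flight check for the settings entered on both gateways above, as an added example that is not part of the original post or of Zyxel's tooling: it confirms that the two sides carry the same pre-shared key and proposal and that Local Subnet and Remote Subnet are mirrored. The dictionary layout, the subnets, the key and the `LEGACY` set are assumptions of this example; only the proposal values come from the post.

```python
import ipaddress

# Proposal values are the wizard defaults quoted in the post.
PROPOSAL = {"encryption": "AES128", "authentication": "SHA1", "key_group": "DH2"}

# Constructed sample sites: the key and the /24 subnets are made up for this
# example (192.168.2.0/24 is chosen so that it contains the post's ping target).
UOS_SITE = {"psk": "example-psk-not-real", "proposal": dict(PROPOSAL),
            "local_subnet": "192.168.1.0/24", "remote_subnet": "192.168.2.0/24"}
ZLD_SITE = {"psk": "example-psk-not-real", "proposal": dict(PROPOSAL),
            "local_subnet": "192.168.2.0/24", "remote_subnet": "192.168.1.0/24"}

# Assumption of this example: values reported as review notes, not as errors.
LEGACY = {"authentication": {"MD5", "SHA1"}, "key_group": {"DH1", "DH2"}}


def check_pair(a, b):
    """Return (errors, notes) for two site definitions shaped like the dicts above."""
    errors, notes = [], []
    if a["psk"] != b["psk"]:
        errors.append("pre-shared keys differ")
    # Every proposal field must match on both gateways or negotiation fails.
    for field, value in a["proposal"].items():
        if b["proposal"].get(field) != value:
            errors.append(f"proposal mismatch on {field}")
        elif value in LEGACY.get(field, ()):
            notes.append(f"{field}={value} is a legacy choice")
    # ip_network() raises ValueError if a host address is entered as a subnet.
    a_local, a_remote = (ipaddress.ip_network(a[k])
                         for k in ("local_subnet", "remote_subnet"))
    b_local, b_remote = (ipaddress.ip_network(b[k])
                         for k in ("local_subnet", "remote_subnet"))
    # Each side's Local Subnet must be the other side's Remote Subnet.
    if a_local != b_remote or a_remote != b_local:
        errors.append("local/remote subnets are not mirrored")
    # Overlapping ranges cannot be routed through the tunnel unambiguously.
    if a_local.overlaps(a_remote):
        errors.append("local and remote subnets overlap")
    return errors, notes


if __name__ == "__main__":
    errors, notes = check_pair(UOS_SITE, ZLD_SITE)
    for line in errors:
        print("ERROR:", line)
    for line in notes:
        print("NOTE:", line)
```

My Address and Peer Gateway Address are deliberately not compared, because with one site behind a NAT router the two values are not expected to mirror each other.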