An example of Site to Site VPN

Zyxel_Charlie
Zyxel_Charlie Posts: 1,034  Zyxel Employee
50 Answers 500 Comments Friend Collector Fourth Anniversary
edited June 2022 in VPN
To setup this scenario you need to configure the following in both ZyWALL USG’s:

Address object for remote subnet.
VPN Gateway.
VPN Connection.
After configuring these three things on both ZyWALL USG’s, you will have established the connection.

Configuration on Branch site:

Creating the address objects
Go to Configuration > Object > Address and click the Add button.
Now create a Subnet address that contains the LAN Subnet of the opposite ZyWALL USG as shown in the picture below:

Creating VPN Gateway
Go to Configuration > VPN > IPSec VPN > VPN Gateway and click the Add button. You need to make sure the Gateway is enabled. Fill in the Interface field with the WAN IP of the ZyWALL USG 100. For Peer Gateway Address you should chose Static Address and type in the remote ZyWALL USG 200 WAN IP. You also need to type in a Pre-Shared Key of the VPN connection. This key should match that of the remote ZyWALL USG 200.

Creating VPN Connection
Go to Configuration > VPN > IPSec VPN > VPN Connection and click the Add button. Enable the Connection. Under Application Scenario chose Site-to-site. Make sure that you select the correct VPN Gateway, in this case Headquarters. In Local policy select the LAN Subnet of the ZyWALL USG 100. In Remote policy you need to select the Address object created earlier in this guide.

You have now finished the required configurations on the ZyWALL USG 100.

Configuration on HQ Site.
Creating the address objects
Go to Configuration > Object > Address and click the Add button.
Now create a Subnet address that contains the LAN Subnet of the opposite ZyWALL USG as shown in the picture below:

Creating VPN Gateway
Go to Configuration > VPN > IPSec VPN > VPN Gateway and click the Add button. You need to make sure the Gateway is enabled. Fill in the Interface field with the WAN IP of the ZyWALL USG 200. For Peer Gateway Address you should chose Static Address and type in the remote ZyWALL USG 100 WAN IP. You also need to type in a Pre-Shared Key of the VPN connection. This key should match that of the remote ZyWALL USG 100.

Creating VPN Connection
Go to Configuration > VPN > IPSec VPN > VPN Connection and click the Add button. Enable the Connection. Under Application Scenario chose Site-to-site. Make sure that you select the correct VPN Gateway, in this case Branch_Office. In Local policy select the LAN Subnet of the ZyWALL USG 200. In Remote policy you need to select the Address object created earlier in this guide.

Establish connection
Both ZyWALL USG’s are now configured. The only thing left, is to establish the VPN connection. This can be done manually by selecting your VPN connection and clicking the Connect button in Configuration > VPN > IPSec VPN > VPN Connection. Alternatively you can edit the VPN Connection rule, click Show Advance Settings and enable Nailed-Up. With Nailed-Up enabled the VPN tunnel will connect up automatically when the ZyWALL USG boots up.
All devices at the Branch Office will now be able to access devices and computers on the Headquarters subnet and vice versa.


Tagged: