I am planning my ZyWALL-to-ZyWALL VPN configuration. What do I need to know?
First of all, both ZyWALLs must have VPN capabilities. Please check the firmware version: V3.50 or later has the VPN capability. If your ZyWALL is capable of VPN, you can find the VPN options in the Advanced>VPN tab. For configuring a ‘box-to-box VPN’, there are some tips:

If there is a NAT router running in front of the ZyWALL, please make sure the NAT router supports IPSec pass-through.

In the NAT case (whether NAT runs on the front-end router or in the ZyWALL VPN box), only IPSec ESP tunneling mode is supported, since NAT conflicts with AH mode.

Source IP/Destination IP – Please do not number the local and remote LANs using the same exact range of private IP addresses. This makes the VPN destination addresses and the local LAN addresses indistinguishable, and the VPN will not work.

Secure Gateway IP Address – This must be a public, routable IP address; a private IP is not allowed. That means it cannot be in the 10.x.x.x subnet, the 192.168.x.x subnet, nor in the range 172.16.0.0 – 172.31.255.255 (these