ZyXEL Communications ZYWALL 70 - V4.04 User Manual, Page 102

Appendix 10 VPN Local IP Address Limitation
[Figure 1: network diagram. Labels: ZyWALL A, ZyWALL B, WAN, IP Alias 1.1.2.0/24, LAN 1.1.1.0/24, LAN 1.1.2.0/28, PC A 1.1.1.33, PC B 1.1.2.250, PC C 1.1.2.250]
There is a limitation when you configure the VPN network policy to use any Local
IP address. If you set the Local address to 0.0.0.0 and the Remote address includes
any interface IP of the ZyWALL at the same time, traffic related to remote management
or DHCP between the PCs and the ZyWALL may not work correctly. This is because all of
that traffic will be encrypted and sent to the WAN.
For example, suppose you configure a VPN rule on ZyWALL A as below:
Local IP Address Start = 1.1.1.1 End = 1.1.2.254
Remote IP Address Start = 1.1.2.240 End = 1.1.2.254
ZyWALL LAN IP = 1.1.1.10
The ZyWALL LAN IP falls into the Local Address range of this rule. When you want to
manage ZyWALL A from PC A, you will find that you can no longer get a DHCP client IP
from the ZyWALL. Even if you set a static IP on PC A, you cannot access the ZyWALL.
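The condition described in this appendix can be checked before a policy is saved. The following Python check is an added example, not part of the ZyXEL manual or the ZyWALL firmware: it flags any device interface address that a policy's Local or Remote selector covers. The function names are hypothetical, a selector of 0.0.0.0 to 0.0.0.0 is assumed to mean "any", and the narrowed range is constructed for comparison.

```python
import ipaddress

ANY = ipaddress.IPv4Address("0.0.0.0")


def covers(selector, ip):
    """True if ip lies inside the (start, end) selector.

    Assumption: a selector of 0.0.0.0-0.0.0.0 means "any address".
    """
    start, end = (ipaddress.IPv4Address(a) for a in selector)
    if start == ANY and end == ANY:
        return True
    return start <= ipaddress.IPv4Address(ip) <= end


def audit_policy(local, remote, interface_ips):
    """Return (interface_ip, side) pairs where the policy matches a device address.

    A "local" hit is the case in the appendix example: traffic between LAN PCs
    and that interface (management, DHCP) matches the rule and is tunnelled.
    A "remote" hit is the other half of the limitation the appendix states.
    """
    findings = []
    for ip in interface_ips:
        if covers(local, ip):
            findings.append((ip, "local"))
        if covers(remote, ip):
            findings.append((ip, "remote"))
    return findings


# Values taken from the Appendix 10 example on ZyWALL A.
PAGE_LOCAL = ("1.1.1.1", "1.1.2.254")
PAGE_REMOTE = ("1.1.2.240", "1.1.2.254")
ZYWALL_A_IPS = ["1.1.1.10"]

# Constructed for comparison: a Local range that starts above the ZyWALL LAN IP.
NARROWED_LOCAL = ("1.1.1.32", "1.1.2.254")

if __name__ == "__main__":
    for name, local in (("page example", PAGE_LOCAL), ("narrowed", NARROWED_LOCAL)):
        hits = audit_policy(local, PAGE_REMOTE, ZYWALL_A_IPS)
        print(name, "->", hits or "no interface address matched")
```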
Appendix 11 VPN rule swap limitation with VPN Client on XAuth
Example 1:
ZyWALL (WAN)------------------- VPN Client
(IP:1.1.1.1) (IP:1.1.1.2)
ZyWALL VPN Rule: Two IKE rules
• Dynamic IKE rule:
  Security Gateway: 0.0.0.0
  X-Auth: Server
  I. Policy one:
  - Name: “Rule_A”
  - Local: 192.168.2.0/24
  - Remote: 0.0.0.0
• Static IKE rule:
  Security Gateway: 1.1.1.2
  X-Auth: None
  I. Policy one:
  - Name: “Rule_B”
  - Local: 192.168.1.0/24
  - Remote: 1.1.1.2/32