The result is displayed on VPN on VPN2S

Summary of Contents for ZyWALL VPN2S

Page 1: ...xel com VPN2S VPN2S VPN Firmware V1 12 ABLN 0 b9 Edition 1 5 2018 Handbook Default Login Details LAN Port IP Address https 192 168 1 1 User Name admin Password 1234 Copyright 2018 ZyXEL Communications Corporation ...

Page 2: ...eries 20 How to configure VPN with PC Server Role 21 Set Up the IPSec VPN Tunnel on the VPN2S 21 Setup the Zywall IPsec VPN client 24 Test VPN2S as Server Role 27 How to setup scheduled rule via firewall on VPN2S 29 Setup the schedule rule on the VPN2S 30 Test scheduled rule via firewall on VPN2S 32 How to Configure Interface Group Bridge Bundle WAN Interface Triple play 32 Set Up the Interface Gr...

Page 3: ...N2S clients following rules 52 Set Up the policy route to force VPN2S clients following rules 53 How to Configure Content Filter by Category 55 Set up the Content Filter by Category 55 Test the Content Filter 57 How to Configure bypass website by Content Filter white list 58 Set up the Content Filter by Category 58 Set up the Content Filter white list 60 Test bypass website by Content Filter white...

Page 4: ...ting systems When the VPN tunnel is configured users can securely access the network and allow traffic from L2TP clients to go to the Internet from an Android mobile phone Figure VPN2S connect with Mobile through L2TP VPN Tunnel Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your actual network IP addresses and subnet masks ...

Page 5: ... zyxel com Set Up the PPPoE Connection On VPN2S Series Go to Configuration Wan Internet WAN Setup WAN1 Edit change the Encapsulation from default IPoE to PPPoE and fill the username password on PPP information ...

Page 6: ... VPN Tunnel on VPN2S Go to Configuration VPN IPsec VPN Default_L2TP_VPN_GW and Default_L2TP_VPN_Connection Edit enable both of rule and fill the pre share key on Default_L2TP_VPN_GW Figure Configuration VPN IPsec VPN Default_L2TP_VPN_GW ...

Page 7: ...7 63 www zyxel com Figure Configuration VPN IPsec VPN Default_L2TP_VPN_Connection ...

Page 8: ...h will be assigned to l2tp client on IP Address Pool Figure Configuration VPN L2TP VPN Configure the L2TP VPN Tunnel on Android Mobile Version 5 0 2 Go to Setting Wireless Networks VPN Add VPN Profile and fill the name of profile Select L2TP IPSec PSK on Type field enter Server address and pre shared key ...

Page 9: ...9 63 www zyxel com Test the L2TP over IPSec VPN Tunnel Type the username and password and click CONNECT The L2TP VPN session connected ...

Page 10: ...10 63 www zyxel com What Could Go Wrong Make sure your Pre shared key on VPN2S and Mobile are the same ...

Page 11: ... they needed This scenario uses two units of VPN2S to create an IPSec VPN connection Moreover both USGs get their public IPs via PPPoE HQ WAN IP 61 231 53 228 LAN IP 192 168 2 1 Branch WAN IP 36 226 203 74 LAN IP 192 168 3 1 Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your actual network IP addresses and subnet masks This example was...

Page 12: ...m Configuration the LAN IP on HQ Site Go to Configuration LAN Home network VLAN Interface Group Add Create the Lan Subnet 192 168 2 X 24 first go to VLAN to separate the LAN2 and then change the subnet to 192 168 2 X 24 ...

Page 13: ...13 63 www zyxel com Go to Configuration LAN Setup Edit ...

Page 14: ...to Configuration VPN IPSec VPN Add the profile on Gateway configuration and Connection configuration For the VPN gateway please enter the VPN gateway name select the Interface for public IP enter the peer s domain in the Primary field and enter the Pre Shared Key ...

Page 15: ...onnection Phase 2 1 Enter the Connection Name select Site to site as the Application Scenario and select the name of the phase 1 profile Branch in the VPN Gateway field 2 For Local policy choose the subnet that your PC is connected to ...

Page 16: ...Configuration the LAN IP on Branch Site Go to Configuration LAN Home network VLAN Interface Group Add Create the Lan Subnet 192 168 3 X 24 first go to VLAN to separate the LAN2 and then change the subnet to 192 168 3 X 24 ...

Page 17: ...17 63 www zyxel com Go to Configuration LAN Setup Edit ...

Page 18: ...o to Configuration VPN IPSec VPN Add the profile on Gateway configuration and Connection configuration For the VPN gateway please enter the VPN gateway name select the Interface for public IP enter the peer s domain in the Primary field and enter the Pre Shared Key ...

Page 19: ...onnection Phase 2 3 Enter the Connection Name select Site to site as the Application Scenario and select the name of the phase 1 profile Branch in the VPN Gateway field 4 For Local policy choose the subnet that your PC is connected to ...

Page 20: ...20 63 www zyxel com Test IPSec VPN on VPN2S Series Click the connect button and the Icon will change from Gray to light ...

Page 21: ...onfigured each site can be accessed securely Set Up the IPSec VPN Tunnel on the VPN2S In the VPN2S go to Wizard Welcome to IPsec VPN Setup use the VPN Settings for Configuration Provisioning wizard to create a VPN rule that can be used with the ZyWALL IPSec VPN Client Click Next Figure Wizard Welcome to IPsec VPN Setup Note All network IP addresses and subnet masks are used as examples in this art...

Page 22: ... to be the authentication method Click Next Figure Wizard Welcome to IPsec VPN Setup Select the Scenario which will be deployed Remote Access Server Role and click Next Figure Wizard Welcome to IPsec VPN Setup Choose the WAN1 for My Interface and fill pre Shared Key and local IP Address Figure Wizard Welcome to IPsec VPN Setup ...

Page 23: ...23 63 www zyxel com The configured result will be displayed Click Save And then Go to Configuration VPN IPsec VPN the Server role already created on VPN Figure Configuration VPN IPsec VPN ...

Page 24: ...e Zywall IPsec VPN client Since the IKE Version 2 is using so the New VPN Gateway need to be added on IKEV2 on IPSec VPN Client Figure IPSec VPN Client Fill Remote Gateway IP address and pre shared key and then move to IKE Advance ...

Page 25: ...25 63 www zyxel com On the IKE Advance page Select IPV4 Address and fill 0 0 0 0 on local and Remote ID After that create the New VPN Connection ...

Page 26: ...26 63 www zyxel com On the IKev2 Tunnel please fill in VPN Client address and Remote LAN address ...

Page 27: ...27 63 www zyxel com Test VPN2S as Server Role Click Open Tunnel The Tunnel established ...

Page 28: ...28 63 www zyxel com The result is displayed on VPN on VPN2S ...

Page 29: ...le will illustrate the VPN2S User Access Control allows IT manager arrange Internet access schedule to limit specific or all LAN PC Internet access time Figure User Access Control Note The rules of internet access schedule related with device need to be double checked by IT Manager ...

Page 30: ...e schedule rule on the VPN2S Go to System Scheduler Rule Add Fill the name of the schedule rule and tick Mon to Fri on the Days field On the Time of Day Range enter 7 00 to 18 00 Click OK Figure Schedule Rule Figure Schedule Rule ...

Page 31: ...reate the Firewall Rule which related with Schedule rule Check Enable fill the name of rule and check Any to limit all device in the schedule Choose REJECT as your policy Select Internet Access which created on schedule rule Figure Firewall Security Firewall Rules Add ...

Page 32: ...This example shows how to use the Interface Group There are Internet and VoIP connections The Interface Group VoIP should be bridge to WAN interface VoIP When the Interface Group is configured Internet and VoIP traffic can be isolated and VoIP can be use L2 traffic to the WAN interface Figure Interface Group Bridge Bundle WAN Interface ...

Page 33: ...l com Set Up the Interface Group Bridge Bundle WAN Interface Group on the VPN2S Sign into the VPN2S Go to LAN Home Network VLAN Interface Group Click Configuration WAN Internet WAN Setup Add to open the follow screen ...

Page 34: ... www zyxel com Click Configuration LAN Home Network VLAN Interface Group Add to open the follow screen Click Configuration LAN Home Network VLAN Interface Group Add VLAN Group s Add to open the follow screen ...

Page 35: ... com Click Configuration LAN Home Network VLAN Interface Group Add WAN Interface Used In This Group Add to open the follow screen Click Configuration LAN Home Network VLAN Interface Group Add to open the follow screen ...

Page 36: ...36 63 www zyxel com How to configure Multi WAN This example shows how to use the Multi WAN there are WAN1 VoIP Mobile ...

Page 37: ... is WAN backup since most Mobile connection charge the user more cost Figure Multi WAN Set Up the Multi WAN on the VPN2S Sign into the VPN2S Go to Configuration WAN Internet Multi WAN Click Configuration WAN Internet Multi WAN Edit open the follow screen Check the Multi WAN status VoIP connection Click Dashboard open the follow screen ...

Page 38: ...the follow screen Mobile3G connection Click Dashboard open the follow screen How to Configure NAT Port Forwarding This example shows how to use the Port Forwarding to access local server The example instructs how to configure the Port Forwarding When the Port ...

Page 39: ...om Internet Figure Multiple Servers Behind NAT Example Set Up the Port Forwarding on the VPN2S Sign into the VPN2S Go to NAT Port Forwarding Click Configuration NAT Port Forwarding Add to open the follow screen Note 1 The TCP port is reserved for TR069 connection request port ...

Page 40: ...40 63 www zyxel com Click Configuration NAT Port Forwarding open the follow screen Test the Port Forwarding Connect to http 10 214 30 45 55000 will access Server B 192 168 1 43 80 ...

Page 42: ...example instructs how to configure the Port Triggering When Port Triggering is opened File Server will forward to the open port Trigger Port Forwarding Process Example Note 1 Only one PC can connect to the File Server until the connection is closed or time out 2 The times out in three minutes with UDP or two hours with TCP IP ...

Page 43: ...43 63 www zyxel com Set Up the Port Triggering on the VPN2S In the VPN2S go to NAT Port Triggering Click Configuration NAT Port Triggering Add to open the follow screen ...

Page 44: ...o configure the NAT ALG When the NAT ALG is configured will solve major problem for peer to peer communication in NAT Figure FTP ALG Enable the ALG on the VPN2S 1 In the VPN2S go to NAT ALG Click Configuration NAT ALG open the follow screen Note 1 Make sure ALG works correctly with port forwarding and address mapping rules ...

Page 45: ...ccessed Web Server Figure Default Server Note 1 Enter IP address and click OK to activate the default server 2 The Interface Group for the default server is by default on firewall LAN zone Use LAN to configure it to other zone if desired 3 Some default ports of services are already used by device service If you need the same ports for the default server please change the ports used by device servi...

Page 46: ...l com Set Up the Default Server on the VPN2S 1 In the VPN2S go to NAT Default Server Click Configuration NAT Default Server Add to open the follow screen Click Configuration NAT Default Server open the follow screen ...

Page 47: ...47 63 www zyxel com Test the Default Server Connect to http 10 214 30 45 will access Server B 192 168 1 43 ...

Page 48: ...nternet but you don t have enough Public So we can use Address Mapping to translate Private IP to Public IP When the Address Mapping is configured each user can be browser Internet Figure NAT Address Mapping Note 1 Address mapping rule sets do not have priority above each other and might not give the desired result if the IP ranges overlap ...

Page 49: ...ng One to One In the VPN2S go to WAN Internet WAN Setup Click Configuration WAN Internet WAN Setup Choice WAN1 Edit to open the follow screen 2 In the VPN2S go to NAT Address Mapping Click Configuration NAT Address Mapping Add to open the follow screen ...

Page 50: ...g Many to Many In the VPN2S go to WAN Internet WAN Setup Click Configuration WAN Internet WAN Setup Choice WAN1 Edit to open the follow screen 3 In the VPN2S go to NAT Address Mapping Click Configuration NAT Address Mapping Add to open the follow screen ...

Page 51: ...g Many to one In the VPN2S go to WAN Internet WAN Setup Click Configuration WAN Internet WAN Setup Choice WAN1 Edit to open the follow screen 4 In the VPN2S go to NAT Address Mapping Click Configuration NAT Address Mapping Add to open the follow screen ...

Page 52: ...how to create Policy Route You want to LAN users browse Internet use different interface however you won t to use static route Therefore we can use Policy Route to reach this purpose When the Policy Route is configured each LAN user can be used different interface go to Internet Figure NAT Address Mapping ...

Page 53: ... policy route to force VPN2S clients following rules In the VPN2S go to WAN Internet WAN Setup Click Configuration Routing Policy Route to open the follow screen Click Configuration Routing Policy Route Add to open the follow screen ...

Page 55: ...ilter is configured each PC can t not access media website Set up the Content Filter by Category In the VPN2S go to Security Service Content Filter Click Configuration Security Service Content Filter to open the follow screen Then check Enable Content Filter and Enable HTTPS Domain Filter for HTTPs traffic Click Configuration Security Service Content Filter Profile Management Add to open the follo...

Page 56: ...Category Server Click Configuration Security Service Content Filter Profile Management Add Test Against Content Filter Category Server to open the follow screen Youtube is Recreation Entertainment and Streaming Media Downloads Select Block in Recreation ...

Page 57: ...guration Security Service Content Filter Profile Management Add Managed Categories to open the follow screen To check Entertainment and Streaming Media Downloads in Recreation Test the Content Filter Connect to https www youtube com ...

Page 58: ...nfigure Content Filter white list When the Content Filter white list is configured each PC cannot access media websites exclude white list web site Set up the Content Filter by Category In the VPN2S go to Security Service Content Filter Click Configuration Security Service Content Filter to open the follow screen Then check Enable Content Filter and Enable HTTPS Domain Filter for HTTPs traffic ...

Page 59: ...59 63 www zyxel com Click Configuration Security Service Content Filter Profile Management Add to open the follow screen Select Block in Recreation ...

Page 60: ...list Connect to https www youtube com How to Configure bypass website by Content Filter black list This example shows how to bypass website by Content Filter black list on the VPN2s The example instructs how to configure Content Filter black list When the Content Filter black list is configured each PC cannot access those websites ...

Page 61: ...ty Service Content Filter Click Configuration Security Service Content Filter to open the follow screen Then check Enable Content Filter and Enable HTTPS Domain Filter for HTTPs traffic Click Configuration Security Service Content Filter Profile Management Add to open the follow screen ...

Page 62: ...62 63 www zyxel com Select Allow in all Category Set up the Content Filter black list To add Yahoo to black list Test block website by Content Filter black list Connect to https tw yahoo com ...
