Chapter 15 IPSec VPN Screens
ZyWALL 2WG User’s Guide
322
Figure 203
Overlap in a Dynamic VPN Rule
• Setting
Local and Remote IP Address Conflict Resolution
to
The Local Network
has the ZyWALL check if a packet’s destination is also at the local network before
forwarding the packet. If it is, the ZyWALL sends the traffic to the local network.
• Setting
Local and Remote IP Address Conflict Resolution
to
The Remote
Network
disables the checking for local network IP addresses.
IP Alias
You could have an IP alias network that overlaps with the VPN remote network (see
). For example, you have an IP alias network
M
(10.1.2.0/24) in ZyWALL
X
’s LAN. For
the VPN rule, you configure the VPN network as follows.
• Local IP address start: 192.168.1.1, end: 192.168.1.254
• Remote IP address start: 10.1.2.240, end: 10.1.2.254
• IP addresses 10.1.2.240 to 10.1.2.254 overlap.
Figure 204
Overlap in IP Alias and VPN Remote Networks
In this case, if you want to send packets from network
A
to an overlapped IP (ex. 10.1.2.241)
that is in the IP alias network
M
, you have to set
Local and Remote IP Address Conflict
Resolution
to
The Local Network
.
192.168.1.0/24
0.0.0.0