Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Wi-Fi Router Charts

Click for Wi-Fi Router Charts

Mesh System Charts

Click for Wi-Fi Mesh System Charts


The star of the 2 Plus show, however, is its IPsec VPN capability. But while its throughput lives up to Zyxel's claims, the 2 Plus does not greatly advance the state of the art in terms of ease of VPN setup or usefulness of its documentation. I have to admit, however, that the VPN Wizard was helpful in getting my test router-to-router tunnel set up, mostly because it presented screens containing all the settings that needed to be configured to get a basic tunnel going and had online help that could be popped up for each screen.

But neither the wizard nor the online help may be bullet-proof enough to get an IPsec tunnel virgin through the process on the first try. For example, I couldn't find a warning about one of the most common mistakes—the failure to make sure that the LANs at each end of the tunnel use different subnets—in the wizard, online help, User Guide or Quick Start.

I also found a subtle error that used the tem "remote" instead of "local" in the online help that, if followed, would never get a successful tunnel up. But since I've set up a successful tunnel or two, I was able to get through the wizard and have a working router-to-router tunnel—after, of course, changing the LAN subnet of one of the routers to 192.168.0.X from its default of 192.168.1.X.

The other way to set up a tunnel is to start at the Security > VPN screen and create your Gateway and Network policies from there. Figure 13 shows the rules established by my VPN Wizard session, with the network policy associated with its gateway policy expanded using the "+" icon in the left column. Clicking on the edit icons for each policy brings up its associated edit screen.

Zywall 2plus VPN Rules IKE screen

Figure 13: VPN Rules IKE screen (click image to enlarge)

Figure 14 shows the Gateway policy edit screen with its extensive options. Of special note are the abilities to enable a redundant remote gateway (the "VPN High Availability (HA)" feature), use a certificate for authentication and the extended authentication options using the built-in authentication database or external RADIUS server. Note also that the gateway policy can handle a dynamic IP address on the local gateway, but the remote must have either a fixed IP address or domain name.

Zywall 2plus Gateway policy screen

Figure 14: VPN Gateway policy screen (click image to enlarge)

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2