1. Go to company dashboard and click on “Roc Site to Site” in the left sidebar.

2. Put in whatever encryption and time details you want. When you add these later in the Zyxel, they must be the same.

3. Make sure that you save the preshared key. You can generate one online. You'll need to use the same PSK for your Zyxel.

Go to the ZyXel USG interface and add a VPN Gateway. (Configuration > VPN > IPSec VPN > VPN Gateway > Add).

Enter the name of the VPN Gateway (Privatise for example).

Choose the outgoing interface in “My Address” (i.e. WAN1 or your WAN Interface).

Configure the Peer Gateway Address according to the ROC IP of the group you are connecting to.

Enter a preshared key you used previously.

Set Phase 1 proposals as you would like that you entered previously in the ROC Site-to-Site.

SA Tunnel lifetime = Choose the same number you put in the ROC Site to Site.

7. Add a VPN tunnel (Configuration > VPN > IPSec VPN > VPN Connection > Add).

8. Enable and name the rule.

9. Select Site-to-Site and select the created VPN gateway.

10. Set the local policy to your LAN subnet and remote policy to 10.8.0.0/16 (10.8.0.0 255.255.0.0).

NOTE: Eventually, you need to create an address object for the remote network.

11. Select Create new Object and choose IPv4 Address.

NOTE: Please check first if the IP address of the remote subnet does not already exist on the local subnet to avoid double IP address configuration. When the remote subnet is similar to one local subnet you will only be able to reach the local network.

12. Select Show Advanced Settings and make sure that the Phase 2 settings match what you have for Phase 2 on the ROC.