Site-to-Site Force Tunnel
All Replies
-
Routing. And firewall/policy rules.
0 -
Hi @KITNIT,
Here’s an example setup for this environment;
In USG60’s configurations you need to add following policy routes;
(Configuration > Network > Routing > Policy Route)1- With the source address of 10.10.10.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
2- Any traffic to 20.20.20.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
3- Any traffic from 20.20.20.0/24 will be forwarded to SYSTEM_DEFAUL_WAN_TRUNK
You will also need to add a Security Policy rule;
(Configuration > Security Policy > Policy Control)
Allow the traffic that comes from IPSec_VPN.
In USG40’s configurations you need to add following policy routes;
(Configuration > Network > Routing > Policy Route)1- With the source address of 20.20.20.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
2- Any traffic to 10.10.10.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
3- Any traffic from 10.10.10.0/24 will be forwarded to SYSTEM_DEFAULT_WAN_TRUNK
You will also need to add a Security Policy rule;
(Configuration > Security Policy > Policy Control)
0 -
I have to make such a site-site VPN, my question is, shouldn't the routings be added exactly the reciproc way around? …what is in USG40 to USG60 and vica-versa?
f I understand correctly, this is necessary in case of the two sites, only one site can "go to the internet"?0
Categories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 188 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 454 USG FLEX H Series
- 303 Security Ideas
- 1.6K Switch
- 81 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 278 Service & License
- 435 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight