Connect two Zywall USG60 with switch
Hi,
I have a problem which I didn't anticipate would be a problem. I have two physical locations. My ISP connected two locations by fibre switch. I don't have both physical and remote management to this device. For me it works like unmanaged switch between this two locations.
In both locations I have Zyxel Zywall USG60 with their own Internet connection, DHCP server and local network. I want to connect this two Zywall's so that certain devices can connect with each other through this switch (by firewall rules).
The problem is that I can't configure it that the both DHCP servers won't interfere with each other. Please give me a hint what is the right way to do this.
Thanks in advance and have a nice day!
0
Accepted Solution
-
If fiber switch just like an unmanagement switch, then you can setup your own IP address on WAN2.
SiteA IP: 100.100.100.1, Mask: 255.255.255.252, Gateway: 100.100.100.2
SiteB IP: 100.100.100.2, Mask: 255.255.255.252, Gateway: 100.100.100.1
And then add policy route for them:
SiteA: Source: 192.168.1.0/24, Destination: 192.168.2.0/24, NextHOP: WAN2, SNAT: None.
SiteB.....vice versa0
Ally MemberAll Replies
-
IMVHO the fibre switch should be connected to WAN2 of both USG60. And a route should tell than Network 1 should be using WAN2 for reaching Network 2, and back.
0 -
Does ISP offers IP address to your sites which connected with fiber switch?You can list IP addresses in your topology, then should much easier provide advice to you.0
-
Yea, I tried something like this but devil is in the details. I spent over 2 hours today trying to get this work with policy route and static routes and nothing works.mMontana said:IMVHO the fibre switch should be connected to WAN2 of both USG60. And a route should tell than Network 1 should be using WAN2 for reaching Network 2, and back.
No, like i said it works like unmanaged switch between those two locations. My subnets with IP address are on the diagram.CHS said:Does ISP offers IP address to your sites which connected with fiber switch?You can list IP addresses in your topology, then should much easier provide advice to you.0 -
You need to setup a LAN2
site A on LAN1 192.168.1.0/24 gateway 192.168.1.1
LAN2 192.168.255.0/24 gateway 192.168.255.1
site B on LAN1 192.168.2.0/24 gateway 192.168.2.1
LAN2 192.168.255.0/24 gateway 192.168.255.2
You then need a static route rule on site A
Destination IP 192.168.2.0
subnet 255.255.255.0
gateway 192.168.255.2
You need a static route rule on site B
Destination IP 192.168.1.0
subnet 255.255.255.0
gateway 192.168.255.1
I think that should do it
and you will need some firewall rules from LAN1 to LAN2 and from LAN2 to LAN1
0
Guru Member
Categories
- 6.8K All Categories
- 1.4K Nebula
- 29 Nebula Ideas
- 35 Nebula Status and Incidents
- 3.9K Security
- 200 Security Ideas
- 722 Switch
- 30 Switch Ideas
- 598 WirelessLAN
- 8 WLAN Ideas
- 4.5K Consumer Product
- 98 Service & License
- 214 New and Release
- 38 Security Advisories
- 507 FAQ
- 232 Nebula FAQ
- 117 Security FAQ
- 72 Switch FAQ
- Network Reliability
- Network Security
- IPTV
- Layer 3 Switching & Routing
- Surveillance / ONVIF
- Other Topics
- 65 WirelessLAN FAQ
- 5 Consumer Product FAQ
- Documents
- 30 Nebula Monthly Express
- 43 About Community
- 31 Security Highlight
