Connect two Zywall USG60 with switch
Hi,
I have a problem which I didn't anticipate would be a problem. I have two physical locations. My ISP connected two locations by fibre switch. I don't have both physical and remote management to this device. For me it works like unmanaged switch between this two locations.
In both locations I have Zyxel Zywall USG60 with their own Internet connection, DHCP server and local network. I want to connect this two Zywall's so that certain devices can connect with each other through this switch (by firewall rules).
The problem is that I can't configure it that the both DHCP servers won't interfere with each other. Please give me a hint what is the right way to do this.
Thanks in advance and have a nice day!
0
Best Answer
-
If fiber switch just like an unmanagement switch, then you can setup your own IP address on WAN2.
SiteA IP: 100.100.100.1, Mask: 255.255.255.252, Gateway: 100.100.100.2
SiteB IP: 100.100.100.2, Mask: 255.255.255.252, Gateway: 100.100.100.1
And then add policy route for them:
SiteA: Source: 192.168.1.0/24, Destination: 192.168.2.0/24, NextHOP: WAN2, SNAT: None.
SiteB.....vice versa0
Ally MemberAnswers
-
IMVHO the fibre switch should be connected to WAN2 of both USG60. And a route should tell than Network 1 should be using WAN2 for reaching Network 2, and back.
0 -
Does ISP offers IP address to your sites which connected with fiber switch?You can list IP addresses in your topology, then should much easier provide advice to you.0
-
Yea, I tried something like this but devil is in the details. I spent over 2 hours today trying to get this work with policy route and static routes and nothing works.mMontana said:IMVHO the fibre switch should be connected to WAN2 of both USG60. And a route should tell than Network 1 should be using WAN2 for reaching Network 2, and back.
No, like i said it works like unmanaged switch between those two locations. My subnets with IP address are on the diagram.CHS said:Does ISP offers IP address to your sites which connected with fiber switch?You can list IP addresses in your topology, then should much easier provide advice to you.0 -
You need to setup a LAN2
site A on LAN1 192.168.1.0/24 gateway 192.168.1.1
LAN2 192.168.255.0/24 gateway 192.168.255.1
site B on LAN1 192.168.2.0/24 gateway 192.168.2.1
LAN2 192.168.255.0/24 gateway 192.168.255.2
You then need a static route rule on site A
Destination IP 192.168.2.0
subnet 255.255.255.0
gateway 192.168.255.2
You need a static route rule on site B
Destination IP 192.168.1.0
subnet 255.255.255.0
gateway 192.168.255.1
I think that should do it
and you will need some firewall rules from LAN1 to LAN2 and from LAN2 to LAN1
0
Master Member
Guru Member
Categories
- 6K All Categories
- 1.2K Nebula
- 16 Nebula Ideas
- 12 Nebula Status and Incidents
- 3.4K Security
- 185 Security Ideas
- 593 Switch
- 24 Switch Ideas
- 425 WirelessLAN
- 6 WLAN Ideas
- 4.2K Consumer Product
- 56 Service & License
- 191 New and Release
- 24 Security Advisories
- 451 FAQ
- 208 Nebula FAQ
- 99 Security FAQ
- 65 Switch FAQ
- 63 WirelessLAN FAQ
- Documents
- 20 Nebula Monthly Express
- 32 About Community
- 20 Security Highlight
