Connect two Zywall USG60 with switch
Freshman Member
Hi,
I have a problem which I didn't anticipate would be a problem. I have two physical locations. My ISP connected two locations by fibre switch. I don't have both physical and remote management to this device. For me it works like unmanaged switch between this two locations.
In both locations I have Zyxel Zywall USG60 with their own Internet connection, DHCP server and local network. I want to connect this two Zywall's so that certain devices can connect with each other through this switch (by firewall rules).
The problem is that I can't configure it that the both DHCP servers won't interfere with each other. Please give me a hint what is the right way to do this.
Thanks in advance and have a nice day!
0
Accepted Solution
-
If fiber switch just like an unmanagement switch, then you can setup your own IP address on WAN2.
SiteA IP: 100.100.100.1, Mask: 255.255.255.252, Gateway: 100.100.100.2
SiteB IP: 100.100.100.2, Mask: 255.255.255.252, Gateway: 100.100.100.1
And then add policy route for them:
SiteA: Source: 192.168.1.0/24, Destination: 192.168.2.0/24, NextHOP: WAN2, SNAT: None.
SiteB.....vice versa0
Master Member
All Replies
-
IMVHO the fibre switch should be connected to WAN2 of both USG60. And a route should tell than Network 1 should be using WAN2 for reaching Network 2, and back.
0 -
Does ISP offers IP address to your sites which connected with fiber switch?You can list IP addresses in your topology, then should much easier provide advice to you.0
-
Yea, I tried something like this but devil is in the details. I spent over 2 hours today trying to get this work with policy route and static routes and nothing works.mMontana said:IMVHO the fibre switch should be connected to WAN2 of both USG60. And a route should tell than Network 1 should be using WAN2 for reaching Network 2, and back.
No, like i said it works like unmanaged switch between those two locations. My subnets with IP address are on the diagram.CHS said:Does ISP offers IP address to your sites which connected with fiber switch?You can list IP addresses in your topology, then should much easier provide advice to you.0 -
You need to setup a LAN2
site A on LAN1 192.168.1.0/24 gateway 192.168.1.1
LAN2 192.168.255.0/24 gateway 192.168.255.1
site B on LAN1 192.168.2.0/24 gateway 192.168.2.1
LAN2 192.168.255.0/24 gateway 192.168.255.2
You then need a static route rule on site A
Destination IP 192.168.2.0
subnet 255.255.255.0
gateway 192.168.255.2
You need a static route rule on site B
Destination IP 192.168.1.0
subnet 255.255.255.0
gateway 192.168.255.1
I think that should do it
and you will need some firewall rules from LAN1 to LAN2 and from LAN2 to LAN1
0 -
If fiber switch just like an unmanagement switch, then you can setup your own IP address on WAN2.
SiteA IP: 100.100.100.1, Mask: 255.255.255.252, Gateway: 100.100.100.2
SiteB IP: 100.100.100.2, Mask: 255.255.255.252, Gateway: 100.100.100.1
And then add policy route for them:
SiteA: Source: 192.168.1.0/24, Destination: 192.168.2.0/24, NextHOP: WAN2, SNAT: None.
SiteB.....vice versa0
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight
