Connect two Zywall USG60 with switch
Hi,
I have a problem which I didn't anticipate would be a problem. I have two physical locations. My ISP connected two locations by fibre switch. I don't have both physical and remote management to this device. For me it works like unmanaged switch between this two locations.
In both locations I have Zyxel Zywall USG60 with their own Internet connection, DHCP server and local network. I want to connect this two Zywall's so that certain devices can connect with each other through this switch (by firewall rules).
The problem is that I can't configure it that the both DHCP servers won't interfere with each other. Please give me a hint what is the right way to do this.
Thanks in advance and have a nice day!
0
Accepted Solution
-
If fiber switch just like an unmanagement switch, then you can setup your own IP address on WAN2.
SiteA IP: 100.100.100.1, Mask: 255.255.255.252, Gateway: 100.100.100.2
SiteB IP: 100.100.100.2, Mask: 255.255.255.252, Gateway: 100.100.100.1
And then add policy route for them:
SiteA: Source: 192.168.1.0/24, Destination: 192.168.2.0/24, NextHOP: WAN2, SNAT: None.
SiteB.....vice versa0
Master MemberAll Replies
-
IMVHO the fibre switch should be connected to WAN2 of both USG60. And a route should tell than Network 1 should be using WAN2 for reaching Network 2, and back.
0 -
Does ISP offers IP address to your sites which connected with fiber switch?You can list IP addresses in your topology, then should much easier provide advice to you.0
-
Yea, I tried something like this but devil is in the details. I spent over 2 hours today trying to get this work with policy route and static routes and nothing works.mMontana said:IMVHO the fibre switch should be connected to WAN2 of both USG60. And a route should tell than Network 1 should be using WAN2 for reaching Network 2, and back.
No, like i said it works like unmanaged switch between those two locations. My subnets with IP address are on the diagram.CHS said:Does ISP offers IP address to your sites which connected with fiber switch?You can list IP addresses in your topology, then should much easier provide advice to you.0 -
You need to setup a LAN2
site A on LAN1 192.168.1.0/24 gateway 192.168.1.1
LAN2 192.168.255.0/24 gateway 192.168.255.1
site B on LAN1 192.168.2.0/24 gateway 192.168.2.1
LAN2 192.168.255.0/24 gateway 192.168.255.2
You then need a static route rule on site A
Destination IP 192.168.2.0
subnet 255.255.255.0
gateway 192.168.255.2
You need a static route rule on site B
Destination IP 192.168.1.0
subnet 255.255.255.0
gateway 192.168.255.1
I think that should do it
and you will need some firewall rules from LAN1 to LAN2 and from LAN2 to LAN1
0
Guru Member
Categories
- 7.4K All Categories
- 1.5K Nebula
- 46 Nebula Ideas
- 49 Nebula Status and Incidents
- 4.2K Security
- 212 Security Ideas
- 845 Switch
- 34 Switch Ideas
- 731 WirelessLAN
- 11 WLAN Ideas
- 4.8K Consumer Product
- 123 Service & License
- 252 News and Release
- 44 Security Advisories
- 6 Education Center
- 559 FAQ
- 266 Nebula FAQ
- 127 Security FAQ
- 73 Switch FAQ
- 70 WirelessLAN FAQ
- 7 Consumer Product FAQ
- Documents
- 34 Nebula Monthly Express
- 62 About Community
- 37 Security Highlight
