USG40 - WiFi clients of router to LAN access

kaika313

Hello, we have a USG40 and having issues to make WiFi users of the router to which the firewall is connected access the internal LAN. This is our configuration:
INTERNET --> ISP ROUTER 192.168.0.1 -- USG40 192.168.0.253, DHCP/GATEWAY 192.168.1.1 to internal LAN range 192.168.1.xx-192168.1.yy
Any client connected through cables can access Internet and is able to view network shares but if I connect to ISP router's wireless network which gives a DHCP address within 192.168.0.x-192.168.0.y range I cannot access clients within USG DHCP range.
How can I make WiFi clients communicate with USG clients?

Thank you

Zyxel_Cooldia

Hi @kaika31,
The range 192.168.1.x is behind a NAT router(USG40), you are unable to “VIEW” this subnet from USG Wan side.
If you want to access USG clients from ISP router’s wireless network, you can bridge the USG Wan and Lan interface to run transparent bridge mode.

kaika313

Zyxel_Cooldia

thank you for for your answer.
I've followed the instructions found in Zyxell Knowledge Base (What is the procedure to bridge the USG LAN and WAN interface?) creating a bridge between wan1 and lan1 but it gives this error when I try to apply it:

CLI Number: 1
Error Number: -1011
Error Message: 'This is a duplicate IP Address.

In the IP address Assignment section of Bridge settings I've selected Use Fixed IP address writing 192.168.0.253 as IP address and 192.168.0.1 as Gateway. Do I have to use a different IP Fixed IP address?

Thank you

Zyxel_Cooldia

Hi @kaika31,
It seems that bridge interface IP is conflicted with USG interface IP. can you check is there any IP conflict with Interface IP.

Regards,
Cooldia.

kaika313

Hi Cooldia, when I first set the USG I assigned it a fixed IP in order to make it communicate with ISP router and the IP address is the one I tried to set also in the bridge interface. I've tried to give the Bridge interface a different IP address (192.168.0.254) but as soon as I clicked on apply nobody were able to connect to Internet and I had to deactivate it. It was as the Bridge interface became the gateway. I just want to make 192.168.0.X range communicate with 192.168.1.X range but I cannot make it work... what's the right procedure? Thank you

Zyxel_Cooldia

Hi @kaika31,
The procedure should be correct. Once you bridge USG-40 Wan and Lan interface, USG Lan side client should get the IP address from the ISP router(subnet 192.168.0.x/24). Says, there is no 192.168.1.x/24 in your network, because USG-40 run as transparent bridge.
Please confirm the Lan side client can renew the IP address from ISP router to access Internet.

kaika313

Hi Cooldia, the problem is that I want to keep 192.168.0.X for WiFi connected clients and 192.168.1.X for USG clients which acts as DHCP server and Gateway for them.  So, what's the right procedure or option to set to maintain both IP ranges allowing them to communicate (if it's possible)?

Zyxel_Cooldia

Hi @laika313,
It is unable to access 192.168.1.x/24 subnet from ISP router wireless client.
As i mentioned earlier , the range 192.168.1.x is behind a NAT router(USG40), you can not “VIEW” the subnet behind NAT from WAN side directly.
 

kaika313

Hi Cooldia, ok, thank you for your reply and support!
Regards

Ian31

Hi,
You can configure USG to run as router mode. Then add a static route on your USP router.

(1) Disable Source NAT for LAN to WAN
     On GUI, go to Interface > Trunk page. Un-check "Enable Default SNAT" setting.


(2) Add Security Policy (firewall rule) to allow access from WAN(192.168.0.0/24) to USG LAN(192.168.1.0/24)

(3) Add a static route in your ISP router
     To 192.168.1.0/24, next-hop: 192.168.0.253