Routing additional IP scope to servers behind USG110

adi_dragnic · February 2022

Hi Guys,

I have USG 110 and i am trying now for a few days to get this working with no luck

, my WAN1 has an address - 80.64.xx.xx, isp provided us with new address scope 93.26.xx.xx/29. and told me that the Gateway is the gateway from WAN1.

Here is what I have configured so far with no result

I have created virtual WAN1:1

Image: https://us.v-cdn.net/6029482/uploads/editor/8m/amoxnehl29fk.jpg

I have created these policy routes

Image: https://us.v-cdn.net/6029482/uploads/editor/ji/qjgautcvdrsw.jpg

Created NAT Rules:

Image: https://us.v-cdn.net/6029482/uploads/editor/oe/1djf3dn1p588.jpg

and I have also created these policies

Image: https://us.v-cdn.net/6029482/uploads/editor/7d/fagfsa9kseo1.jpg

I am unable to access these servers with public IP addresses. I am stuck at this point and need some advice on how can I configure this to work. I think I need some routes for the public IP scope.

Looking to hearing from you soon.

Best
Adi

PeterUK · February 2022

You config the LAN side subnet with 93.26.xx.xx/29 then your devices get WAN IP from your LAN you then do a routing rule incoming LAN1 next hop WAN1 with SNAT none.

remove virtual WAN1:1 and no need for NAT rules

Zyxel_Cooldia · February 2022

Hi @adi_dragnic,
It looks like Public Lan scenario. You may follow PeterUK's suggestion to bind 93.26.xx.xx/29 in internal interface, and set up corresponding policy route for routing from 93.26.xx.xx/29 to Internet.

Routing additional IP scope to servers behind USG110

All Replies

Categories

Security Highlight

Security Help Center