Connect clients on LAN 1 to server on LAN 2

Options
lexeter
lexeter Posts: 3
First Comment
edited September 2022 in Security
Apologies if this is trivial but I could not find an answer via Google and I am not a trained network engineer.

Based on the network diagram below, how-if possible-should I configure the USG40? Thank you.
«1

All Replies

  • PeterUK
    PeterUK Posts: 2,763  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    So the two USG are local?
  • lexeter
    lexeter Posts: 3
    First Comment
    Options
    They are in two adjacent apartments, connected via Ethernet: One LAN port on the USG40 (Router 2) is connected to and assigned a static IP (192.168.147.98) by the USG60.
  • PeterUK
    PeterUK Posts: 2,763  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited September 2022
    Options

    Not 100% sure what you have done but there are many ways to do this one way without doing VLANs

    On the USG60 connect the WAN2 port to the USG40 OPT port.

    USG60 WAN2

    192.168.255.1

    255.255.255.252

    USG40 OPT

    192.168.255.2

    255.255.255.252

    USG60 routing rule

    incoming interface

    member LAN1

    destination 192.168.125.0/24

    next hop

    type gateway

    gateway 192.168.255.2

    SNAT none

    USG40 routing rule

    incoming interface

    member LAN2

    destination 192.168.147.0/24

    next hop

    type gateway

    gateway 192.168.255.1

    SNAT none

    USG60 policy control rule

    from LAN1

    to WAN

    you many add destination

    USG40 policy control rule

    from OPT

    to LAN2

    USG40 policy control rule

    from LAN2

    to OPT

    USG60 policy control rule

    from WAN

    to LAN1

    you many add destination and source 
  • PeterUK
    PeterUK Posts: 2,763  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    mMontana said:
    I'd use only the USG60.

    But where's the fun in that ;)
  • mMontana
    mMontana Posts: 1,302  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    The fun of USG40 as hotswap if USG60 take a nap.
  • lexeter
    lexeter Posts: 3
    First Comment
    Options
    Thank you very much for your answers! Apologies, because clearly my diagram is not sufficient to explain the setup, I have updated it below, hopefully it is clearer now. Unfortunately I cannot change the physical connection setup.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,454  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited September 2022
    Options

    Welcome to Zyxel community.    =)
    It seems to me that you can just add static route on USG60 to tell USG60 where to route subnet 192.168.125.X/24

    USG40:
    Lan 1 interface IP is 192.168.147.98/24, so that's direct route subnet for USG40. USG40 knows how to route to 192.168.147.90.
    USG60:
    USG60 don't know subnet 192.168.125.X/24, so we need to add static route on USG60.

    Static route 192.168.125.X/24 to 192.168.147.98.

  • PeterUK
    PeterUK Posts: 2,763  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    I don't think static route will work but have tested the way I said and works.
  • PeterUK
    PeterUK Posts: 2,763  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    So I tired setting up Cooldia way with static route and was wrong it does work but in order for it to work you need to set “Allow Asymmetrical Route” for policy control so would be good if this was done.

    Per Policy Control route type drop list for Symmetrical/Asymmetrical Route — Zyxel Community

    You may also need a routing rule on USG60

    incoming interface

    member LAN1

    destination 192.168.125.0/24

    next hop

    auto

    SNAT none


Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)