USG20-VPN: Add another LAN to router on second LAN port

I have two separate LANs locally. Each is fully functional by itself for LAN and WAN access. Rather than create a slower site-to-site VPN between them, I would like to add the second LAN to this router for full two-way communication. So, the WAN port on the USG20-VPN is up. LAN1 is X.X.13.4/24 on port P3 to the switch for that LAN. LAN2 is X.X.14.1/24 on P4 to its switch for that LAN. How, if possible, do I tell the USG to allow two-way traffic between these networks? I am not a smart person, so please speak in layman's terms.
Thank you for any suggestions or help.

Best Answers

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    Welcome to the Zyxel community. In the default state there is no policy route setting, and there are two security policies (LAN1_Outgoing and LAN2_Outgoing) whose destination is any, so access is not limited.
    I used a default USG Flex device, and LAN1 PC1 192.168.1.33 and PC2 192.168.2.33 can ping each other successfully. Please refer to the steps below:

    There are no policy route or static route settings.

    There are two security policies (LAN1_Outgoing and LAN2_Outgoing) whose destination is any, so access is not limited. Additionally, I enabled the log feature on those two security policies for troubleshooting purposes.

    If you go to Maintenance > Packet Flow Explore > Routing Status, there are two direct routes, LAN1 and LAN2.


    PC1 192.168.1.33 can ping PC2 192.168.2.33 successfully.


    PC2 192.168.2.33 can ping PC1 192.168.1.33 successfully.

    Go to check the log (Monitor > Log > View Log) and you will find ICMP logs, because I enabled the log feature on the security policies.

    So, can you check that your routing setting and security policy are correct?
    Or, can you find any drop or deny logs in the Monitor Log? Maybe it is dropped or denied by a specific security policy.
    If you still have a problem with this, please share screenshots of the routing setting and security policy with us, thanks :).
  • coldisbetter
    coldisbetter Posts: 3
    First Comment
    Answer ✓
    That worked and allowed traffic to flow between the two LANs, albeit slowly and after hopping on the Internet to find its return. The question I asked has been fully answered, and I thank you both for your efforts and responses! It appears that for the traffic to return, it is going to the remote router (the IP I assigned to the LAN2 port), and that router will need a bit of help now to do a direct return rather than going "out" to find a way back to .14. This is outside the scope of my question, and I need to do my part in learning rather than "asking" someone to fix it for me for free, as it were.

    Thank you again for your help!
    Dave
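The slow, "out and back" path Dave describes is what happens when a hop between the two LANs still only has a default route: the packet leaves via that hop's WAN instead of going to the USG. The following is an added example, not code from the thread or from Zyxel: a minimal longest-prefix-match forwarding model in Python that walks a packet hop by hop, first with only default routes on the two pre-existing LAN gateways, then after each gateway gets a static route for the other LAN pointing at the USG's address on its own LAN. The addresses 10.0.13.0/24 and 10.0.14.0/24 are placeholders for the thread's X.X.13.0/24 and X.X.14.0/24; the gateways rtr1/rtr2, their addresses, the host addresses and the ISP next hops are all assumptions constructed for the example.

```python
import ipaddress

# Placeholders for the thread's X.X.13.0/24 and X.X.14.0/24.
LAN1 = "10.0.13.0/24"
LAN2 = "10.0.14.0/24"
USG_LAN1 = "10.0.13.4"    # USG20-VPN on P3, as stated in the question
USG_LAN2 = "10.0.14.1"    # USG20-VPN on P4, as stated in the question
RTR1 = "10.0.13.1"        # assumed: the existing default gateway on LAN1
RTR2 = "10.0.14.254"      # assumed: the existing default gateway on LAN2


class Router:
    """Minimal longest-prefix-match forwarding table.
    routes: (prefix, next_hop or None if directly connected, interface)"""

    def __init__(self, name, routes):
        self.name = name
        self.routes = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes]

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        best = None
        for net, nh, ifc in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh, ifc)
        return best  # None if nothing matches at all

    def add_route(self, prefix, next_hop, ifc):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, ifc))


def build_topology():
    usg = Router("usg", [
        (LAN1, None, "lan1"),
        (LAN2, None, "lan2"),
        ("0.0.0.0/0", "203.0.113.1", "wan"),   # constructed ISP next hop
    ])
    rtr1 = Router("rtr1", [(LAN1, None, "lan"), ("0.0.0.0/0", "203.0.113.2", "wan")])
    rtr2 = Router("rtr2", [(LAN2, None, "lan"), ("0.0.0.0/0", "203.0.113.3", "wan")])
    # next-hop IP -> device, so the trace can walk from hop to hop
    by_ip = {USG_LAN1: usg, USG_LAN2: usg, RTR1: rtr1, RTR2: rtr2}
    return usg, rtr1, rtr2, by_ip


def trace(first_hop, dst, by_ip, max_hops=8):
    """Follow a packet from the sender's default gateway until some device
    delivers it on a connected interface or pushes it out of its WAN."""
    path = []
    dev = first_hop
    for _ in range(max_hops):
        hit = dev.lookup(dst)
        if hit is None:
            path.append((dev.name, "no-route"))
            return path
        _net, nh, ifc = hit
        path.append((dev.name, ifc))
        if nh is None:            # directly connected: delivered on this hop
            return path
        if nh not in by_ip:       # next hop is outside the model: the Internet
            path.append(("internet", "wan"))
            return path
        dev = by_ip[nh]
    path.append(("loop", "?"))
    return path


def paths_before_and_after():
    usg, rtr1, rtr2, by_ip = build_topology()
    pc1, pc2 = "10.0.13.50", "10.0.14.50"   # constructed hosts on each LAN
    before = {
        "pc1->pc2": trace(rtr1, pc2, by_ip),   # PC1's default gateway is rtr1
        "pc2->pc1": trace(rtr2, pc1, by_ip),   # PC2's default gateway is rtr2
    }
    # The fix: each existing gateway gets a static route for the *other* LAN
    # whose next hop is the USG's address on the gateway's own LAN.
    rtr1.add_route(LAN2, USG_LAN1, "lan")
    rtr2.add_route(LAN1, USG_LAN2, "lan")
    after = {
        "pc1->pc2": trace(rtr1, pc2, by_ip),
        "pc2->pc1": trace(rtr2, pc1, by_ip),
    }
    return before, after


if __name__ == "__main__":
    before, after = paths_before_and_after()
    for label, path in before.items():
        print("before", label, path)
    for label, path in after.items():
        print("after ", label, path)
```

Before the static routes, both directions end at `("internet", "wan")`: the packet leaves through the existing gateway's WAN, which is the slow detour observed above. Until the routes exist, that traffic never traverses the USG at all, so the LAN1/LAN2 security policies and the logs Zyxel_Jeff suggests checking are not in its path and cannot show it. After the routes, each direction is `gateway -> usg -> other LAN` in two hops, and the USG's policy control sees both directions of every flow.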
  • PeterUK
    PeterUK Posts: 2,704  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    If you want full speed, get layer 2+ switches, have the router point to them as gateways, and add routing rules on the switches for the LANs, with other traffic going to the router.


All Replies

  • PeterUK
    PeterUK Posts: 2,704  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    So you only have one USG20-VPN with two LANs? Then all you need to do is make a policy control from LAN1 to LAN2.
  • Ok. So, I have 4 fields that need filling, I think: the From, To, Source and Destination. I assume (with all the connotations associated with "assume") From will be LAN1, To=LAN2, Source=LAN1_subnet, Destination=LAN2_subnet. Then create the second policy in reversed order? All other fields remain ANY or default.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @coldisbetter

    No problem, you are welcome! 
