IPSec VPN. How to create connection with multiple local and remote networks

bk1

Hello. 
I Try configure IPSec with remote office. In connection settings I can add only 1 local and 1 remote network.
What should I do, if I have 3 networks:
10.80.6.0/24
10.80.10.0/24
10.80.12.0/24

Remote office has more networks:
10.88.12.0/24
10.76.0.0/16
10.10...
and etc.

mMontana

Create multiple "Connections" on the same "Gateway".

mMontana

Create multiple "Connections" on the same "Gateway".

bk1

@mMontana
Yes, It is work, but it is really uncomfortable. I should to create 31+ VPN Connections.
Maybe there is another option?

mMontana

Command line interface.

If this arrangement sucks for you, sucks for me too, but it's the way that Zyxel request for making it work.

I know there's a limit of tunnels (gateways) dependent from the device model, i don't know if there's a limit for subnets/connection/tunnel on the same gateway.

bk1

@mMontana
Thank you very much for answer

Zyxel_Cooldia

Hi @bk1.
You also can add policy route for site to site VPN multiple subnet routing.

mMontana

@Zyxel_Cooldia might worth some example, if you could...

Site1: subnet

192.168.199.0/24

Site2: subnets
172.31.99.0/24

172.31.128.0/24

172.31.158.0/24

How can be implemented the policy routing on Site1 with only a 192.168.199.0/24 <> 172.31.128.0/24 VPN connection?

Zyxel_Cooldia

Hi @mMontana,
Thanks for the example.
In site 1, add policy route for subnet 172.31.128.0/24 routing.
src = 192.168.199.0/24
dst= 172.31.128.0/24
next hop = Site to Site VPN tunnel

In site 2, add policy route for subnet 192.168.199.0/24 routing.
src = 172.31.128.0/24
dst= 192.168.199.0/24
next hop = Site to Site VPN tunnel