How to set up an additional internal VPN connection with a USG60?
I am having problems figuring out how to set up an additional VPN connection to our existing VPN connection so our users can connect to the VPN through our internal Wifi networks.
Our current configuration is as follows:
VPN does work through external connections arriving at the WAN public IP. The goal is to allow clients using the NATed Wifis to also connect to the same (or a very similar) VPN.
I originally posed this question here, and was instructed that USG60 devices do not support connections to VPN over internal ports before Firmware V4.32.
Now I upgraded to V4.32 and have tried to set up objects for an internal VPN connection:
Address Object
VPN Connection
VPN Gateway
Now when I go to the L2TP page, I can only select one of the 2 VPN Connections.
What am I missing here? How do I configure this so users can connect to the VPN from internal connections?
Accepted Solution
Hi @stephan
You can remove this limitation with the following CLI commands.
Router> configure terminal
Router(config)# vpn-interface-restriction deactivate
Router(config)# write
Then reboot the device.
After entering this command, clients will be able to connect to the VPN tunnel from the LAN interface.
5
All Replies
I forgot to add: with the above settings, clients in the Wifis cannot connect to the VPN, regardless of whether they try to connect to the IP of port 1 or port 4.
0
Hi Stanlley,
I had problems using Firefox and Chrome to open the console. Java plugins don't seem to be supported anymore. I used PuTTY to connect and this seemed to work. After entering the commands there and rebooting, clients can now connect.
If you can, could you please comment on whether the internal VPN objects I created are even necessary? Or can I delete them? Because it seems internal clients use the regular VPN now.
0
Hi @stephan
Regarding the objects that you added, you can delete them and just keep the objects that are referenced in the VPN rule.
0