Routing L2TP to access other tunnels

alexpe

Hello,
I have a USG 110. I have configured an L2TP tunnel over IPsec. The connection works perfectly for me. I am trying to configure routing to be able to access the subnets of other tunnels that I have from site to site. But I am not able to reach them. Could someone help me configure the routing to be able to access the rest of the tunnels that I have configured from L2TP?


All Replies

  • mMontana

    Concentrator…

  • PeterUK
    edited April 2023

    Do you have any overlapping subnets that are enabled per given site and the other sites with the same subnet?

  • alexpe

    I do not understand what you mean. I have three subnets within the same LAN. I need the L2TP tunnel over IPsec to be able to reach these three subnets.

  • PeterUK
    edited April 2023

    Is your setup like this?

    https://support.zyxel.eu/hc/en-us/articles/360010904260-VPN-Routing-traffic-from-VPN-tunnel-to-a-another-VPN-site-VPN-Routing-

    https://support.zyxel.eu/hc/en-us/articles/360000709460-VPN-Configure-Failover-with-Dual-WAN-Trunk-Failover-VPN-Concentrator-#h_01GM2Z78N7WGXGP5W6XB5AFGHP

  • alexpe

    Thank you very much for your comments. I think I have not explained myself well with my problem.
    I have created an access to my office through an L2TP tunnel.

    I can access my office subnet without problem.
    In my office there are another 3 site-to-site tunnels configured with three different subnets. In those 3 subnets I have routing rules to be able to access from my office.
    What I need is to create a routing rule to be able to access from my L2TP access to the other three subnets.

    Routing rule 1 is the one that I have configured to be able to access the other three subnets, but it doesn't work for me. Could you tell me why?

  • alexpe

    I have tried what you mentioned but it still doesn't work for me. I think the problem is in local policy.

    What would be the correct one?

  • PeterUK
    edited April 2023

    So you want those connected to remote access server role to connect to the site to site tunnels?

    What are the subnets? From what I see in the routing rule you use the same source LAN1_subnet.

  • alexpe

    Exactly, I want those who connect to the remote access function to be able to access the site-to-site tunnels.

    The subnets are from the other tunnels I have site-to-site from my office's lan1_subnet. Two of them make a next-hop for having SNAT configuration.

  • PeterUK
    edited April 2023

    So shouldn't those who connect to the remote access have routing rules from source 192.168.50.1-192.168.50.250 with Destination to next hop site to site tunnels?
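
The source mismatch raised in the last reply, as an added example that is not part of the thread and not Zyxel code: a simplified first-match model of policy routes showing why rules whose source is only the LAN1 subnet never apply to L2TP clients. Every address except the 192.168.50.1-192.168.50.250 range, and all rule and tunnel names, are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PolicyRoute:
    name: str
    src_first: str    # first address of the source range
    src_last: str     # last address of the source range
    destination: str  # destination subnet in CIDR form
    next_hop: str     # tunnel the matching traffic is sent into

    def matches(self, src: str, dst: str) -> bool:
        s = ipaddress.ip_address(src)
        in_src = ipaddress.ip_address(self.src_first) <= s <= ipaddress.ip_address(self.src_last)
        return in_src and ipaddress.ip_address(dst) in ipaddress.ip_network(self.destination)

def select_next_hop(rules, src, dst, default="default-route"):
    """Return the next hop of the first matching rule (assumed top-down, first match)."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.next_hop
    return default

# Constructed addressing: only the L2TP range below comes from the thread.
LAN1 = ("192.168.1.1", "192.168.1.254")
L2TP_POOL = ("192.168.50.1", "192.168.50.250")
REMOTE_SITES = {
    "10.10.1.0/24": "tunnel_site_a",
    "10.10.2.0/24": "tunnel_site_b",
    "10.10.3.0/24": "tunnel_site_c",
}

def build_rules(source_range, label):
    """One rule per remote subnet, all sharing the same source range."""
    return [PolicyRoute(f"{label}_to_{hop}", *source_range, net, hop)
            for net, hop in REMOTE_SITES.items()]

# Rules whose source is only LAN1, like the rule discussed in the thread.
lan_only = build_rules(LAN1, "lan1")
# The same destinations with the L2TP client range added as a source.
with_l2tp = lan_only + build_rules(L2TP_POOL, "l2tp")

if __name__ == "__main__":
    client = "192.168.50.10"  # constructed L2TP client address
    for net in REMOTE_SITES:
        dst = str(next(ipaddress.ip_network(net).hosts()))
        print(dst, select_next_hop(lan_only, client, dst), "->",
              select_next_hop(with_l2tp, client, dst))
```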
