Routing L2TP to access other tunnels

All Replies

  • alexpe

    Exactly, I want those who connect to the remote access function to be able to access the site-to-site tunnels.

    The subnets are from the other tunnels I have site-to-site from my office's lan1_subnet. Two of them make a next-hop for having SNAT configuration.

  • PeterUK

    But do the other sites have the same subnet as other sites? All sites must have different subnets, like 192.168.1.0/24 on one site must not be used or enabled on another site.

    I have a setup like you need: you connect by remote access, then the traffic goes down a site-to-site tunnel, and that's without adding routing rules because the site-to-site has the remote policy subnet.

  • alexpe
    edited April 2023

    From the remote access 192.168.50.x I need to be able to access the three subnets: 192.168.0.x, 192.168.69.x and 192.168.0.64.

  • alexpe

    I do not understand what you mean. When connecting through my remote access I need to be able to access the other three subnets of the site-to-site tunnels: 192.168.0.x 192.168.69.x and 192.168.64.x

    But I don't know what kind of routing rule to configure for it.

  • alexpe

    My remote access is set to 192.168.50.x.

  • PeterUK

    Testing here, you don't need routing rules. I was thinking you did, but in my setup you don't need them.

    What you do need is a policy control rule from the VPN zone to the site-to-site zone.

  • alexpe

    I made a diagram in case it helps

    Could you explain what you mean by is policy control rule from VPN zone to site to site zone?

  • PeterUK
    edited April 2023

    As in firewall rule in my case:

    What you might have to do is make three more site-to-site with your VPN remote access for local policy to remote policy, then each other site with VPN remote access for remote policy and their local policy.
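
Added example, not part of the thread and not either poster's or the vendor's configuration: a small Python model of the two points made in the replies, that site subnets must not overlap and that the remote-access pool only reaches a site when some tunnel's local policy contains it. The /24 masks, the tunnel names and the office LAN value are assumptions.

```python
import ipaddress
from itertools import combinations

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed sample: /24 masks are assumed from the thread's "x" notation;
# tunnel names and the office LAN value are hypothetical.
POOL = net("192.168.50.0/24")        # remote-access clients
OFFICE_LAN = net("192.168.1.0/24")   # hypothetical lan1_subnet
TUNNELS = [
    {"name": "site-a", "local": [OFFICE_LAN], "remote": [net("192.168.0.0/24")]},
    {"name": "site-b", "local": [OFFICE_LAN], "remote": [net("192.168.69.0/24")]},
    {"name": "site-c", "local": [OFFICE_LAN], "remote": [net("192.168.64.0/24")]},
]

def overlapping_sites(tunnels):
    """Pairs of tunnels whose remote policies overlap (ambiguous destination)."""
    clashes = []
    for a, b in combinations(tunnels, 2):
        if any(x.overlaps(y) for x in a["remote"] for y in b["remote"]):
            clashes.append((a["name"], b["name"]))
    return clashes

def reachable_from(tunnels, src):
    """Remote subnets of every tunnel whose local policy contains all of src."""
    return sorted(
        str(r)
        for t in tunnels
        if any(src.subnet_of(l) for l in t["local"])
        for r in t["remote"]
    )

def add_pool_tunnels(tunnels, pool):
    """Model of the suggestion above: one extra policy pair per site,
    with the remote-access pool as its local policy."""
    extra = [{"name": t["name"] + "-ra", "local": [pool], "remote": t["remote"]}
             for t in tunnels]
    return tunnels + extra

if __name__ == "__main__":
    print("overlapping sites:", overlapping_sites(TUNNELS))
    print("pool reaches (before):", reachable_from(TUNNELS, POOL))
    print("pool reaches (after): ",
          reachable_from(add_pool_tunnels(TUNNELS, POOL), POOL))
```

Each far-end site needs the mirror-image policy (the pool as its remote policy), and the firewall rule from the VPN zone to the site-to-site zone is still required; this model checks selectors only.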
