Routing L2TP to access other tunnels


All Replies

  • alexpe
    alexpe Posts: 42  Freshman Member

    I have tried to configure it as you indicate and I am sorry to tell you that it does not work for me.
    If I configure a rule in the firewall, it doesn't work, and when I put the remote access in the same subnet as the site-to-site, the site-to-site tunnel fails.
    I don't know what to do with this anymore. Any other ideas to try?

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee

    Hi @alexpe,
    Please give me remote access to these two sites by private message. I'll remotely check the configuration and tell you how to configure both sites.


  • PeterUK
    PeterUK Posts: 3,461  Guru Member

    You need site to site for both ends, so:

    your office

      remote access server role 192.168.50.1-192.168.50.250
      site to site local policy 172.26.0.x remote policy 192.168.0.x
      site to site local policy 172.26.0.x remote policy 192.168.64.x
      site to site local policy 172.26.0.x remote policy 192.168.69.x
      site to site local policy 192.168.50.1-192.168.50.250 remote policy 192.168.0.x
      site to site local policy 192.168.50.1-192.168.50.250 remote policy 192.168.64.x
      site to site local policy 192.168.50.1-192.168.50.250 remote policy 192.168.69.x

    site with 192.168.0.x

      site to site local policy 192.168.0.x remote policy 172.26.0.x
      site to site local policy 192.168.0.x remote policy 192.168.64.x
      site to site local policy 192.168.0.x remote policy 192.168.69.x
      site to site local policy 192.168.0.x remote policy 192.168.50.1-192.168.50.250

    site with 192.168.64.x

      site to site local policy 192.168.64.x remote policy 172.26.0.x
      site to site local policy 192.168.64.x remote policy 192.168.0.x
      site to site local policy 192.168.64.x remote policy 192.168.69.x
      site to site local policy 192.168.64.x remote policy 192.168.50.1-192.168.50.250

    site with 192.168.69.x

      site to site local policy 192.168.69.x remote policy 172.26.0.x
      site to site local policy 192.168.69.x remote policy 192.168.64.x
      site to site local policy 192.168.69.x remote policy 192.168.0.x
      site to site local policy 192.168.69.x remote policy 192.168.50.1-192.168.50.250
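
Added example (not part of any post in this thread, and not Zyxel's code): the policy list in PeterUK's post is symmetric, so a short Python check can confirm that every local/remote pair has its reversed twin on the device that owns the remote subnet, and that no two subnets overlap. Reading "x" as a /24, using 192.168.50.0/24 for the L2TP pool, and the device names `office`, `site_0`, `site_64` and `site_69` are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Subnets per device, taken from the post. Reading "x" as a /24 and the
# device names are assumptions made for this example.
SITES = {
    "office": ["172.26.0.0/24", "192.168.50.0/24"],  # LAN + L2TP pool
    "site_0": ["192.168.0.0/24"],
    "site_64": ["192.168.64.0/24"],
    "site_69": ["192.168.69.0/24"],
}

def required_policies(sites):
    """Every (device, local, remote) selector the full list needs."""
    return {
        (dev, local, remote)
        for dev, nets in sites.items()
        for local in nets
        for other, other_nets in sites.items() if other != dev
        for remote in other_nets
    }

def owner_of(subnet, sites):
    """Device on which the given subnet is a local network."""
    return next(dev for dev, nets in sites.items() if subnet in nets)

def missing_mirrors(configured, sites):
    """Selectors whose reversed twin is absent on the peer device."""
    gaps = set()
    for dev, local, remote in configured:
        twin = (owner_of(remote, sites), remote, local)
        if twin not in configured:
            gaps.add(twin)
    return sorted(gaps)

def overlapping_subnets(sites):
    """Pairs of subnets that overlap, which makes selectors ambiguous."""
    nets = [(d, ipaddress.ip_network(n)) for d, ns in sites.items() for n in ns]
    return [(a, str(x), b, str(y))
            for (a, x), (b, y) in combinations(nets, 2) if x.overlaps(y)]

if __name__ == "__main__":
    full = required_policies(SITES)
    print(len(full), "selectors needed")
    # Constructed fault: site_0 never got a policy for the L2TP pool.
    broken = full - {("site_0", "192.168.0.0/24", "192.168.50.0/24")}
    for dev, local, remote in missing_mirrors(broken, SITES):
        print(f"{dev}: add local {local} remote {remote}")
    print("overlaps:", overlapping_subnets(SITES))
```

The selector count per device matches the post: six on the office unit and four on each remote site.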

  • alexpe
    alexpe Posts: 42  Freshman Member

    Good afternoon Peter,
    I do not understand what you are telling me. In your comment yesterday you indicated that they were firewall rules; now they are local policies.
    In my remote access configuration I only have a local policy option. I leave you a picture.

    I don't understand where I have to add all the local and remote policies that you mention.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member

    I guess you can let Emily from Zyxel help you with remote access to your USGs.

  • alexpe
    alexpe Posts: 42  Freshman Member

    Thanks Peter for your help. I'll wait for Emily's reply.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee

    Hi @alexpe,


    I just checked the configuration on both devices. Please modify the settings as follows.

    Remote office - USG60

    In policy route, select NP_RGH-AV2 as Next-Hop. Create a new address object 192.168.50.0/24 that is the L2TP VPN subnet on USG110.

    My Office - USG110

    In policy route rule 2, select NP_AV-CR2 as Next-Hop.

    Rules 3 and 4 are unnecessary. You can turn off these two policy routes.

    Besides, you don't need to create a new zone for L2TP VPN. Just keep it as the default zone setting IPSec_VPN.

    Then you don't need security policy rules 1-3.


  • alexpe
    alexpe Posts: 42  Freshman Member

    Hi Emily,

    In the remote office USG-60 I have changed the configuration as you indicate.

    My Office - USG110

    After doing this configuration, I have lost the communication of the site to site tunnel from my office to the remote office. And because of the L2TP access I don't have communication either.
