Zyxel Zywall USG 300. 3 static IP addresses on one interface

link000
link000 Posts: 39  Freshman Member
Fifth Anniversary 10 Comments Friend Collector

Good afternoon. Help is needed. There is a Zyxel Zywall USG 300 gateway. A cable (twisted pair) from the provider comes to the ge7 port. There are 3 static IP addresses on the cable. On ge7 2 VLANs are raised. So we have ge7=..110.75, VLAN1=..93.188, VLAN2=..110.27. There is a client with the address ..93.125 from the same provider. We access the Internet through IP ..110.75. But, tracing (or ping) to the client address ..93.125 from any computer or server from the internal network "turns" to VLAN1=..93.188. Neither static routing nor routing policies help. How can I make pings and tracing go from the internal local network through ge7=..110.75 to the external network (Internet) and reach the client address ..93.125 without "wrapping up" to VLAN1=..93.188 ? ??

All Replies

  • PeterUK
    PeterUK Posts: 3,144  Guru Member
    Community MVP 2500 Comments Sixth Anniversary 100 Answers

    VLAN1 with

    .93.188

    should only have to ARP to .93.125 if they are in the same subnet?

  • link000
    link000 Posts: 39  Freshman Member
    Fifth Anniversary 10 Comments Friend Collector

    Yes, it would be nice.

  • jasailafan
    jasailafan Posts: 193  Master Member
    Sixth Anniversary 10 Comments 5 Answers Friend Collector

    How about adding a policy route?
    Incoming: zywall
    Destination: ..93.125
    Next hop: ge7=..110.75

  • link000
    link000 Posts: 39  Freshman Member
    Fifth Anniversary 10 Comments Friend Collector

    Thank you. Tried. Does not help.

  • PeterUK
    PeterUK Posts: 3,144  Guru Member
    Community MVP 2500 Comments Sixth Anniversary 100 Answers

    Can you draw a layout of what you want done of the network?

  • link000
    link000 Posts: 39  Freshman Member
    Fifth Anniversary 10 Comments Friend Collector

    Thank you. Tried. Does not help.

  • PeterUK
    PeterUK Posts: 3,144  Guru Member
    Community MVP 2500 Comments Sixth Anniversary 100 Answers
    edited April 2023

    So you *.*93.188 is based on port ge7 as VLAN1? So if you disable VLAN1 it should work?

    But whats the problem with PC SNAT out *.*93.188 to go to *.*.93.125 ?

    But if you need to go from *.*.110.75 in routing Advance check “Use IPv4 Policy Route to Overwrite Direct Route” with a routing rule to Destination *.*.93.125 SNAT out *.*110.75

  • link000
    link000 Posts: 39  Freshman Member
    Fifth Anniversary 10 Comments Friend Collector

    jasailafan, PeterUK, thanks for the answers! There is a blocking from the provider! I'm trying to resolve the issue.

Security Highlight