Zyxel USG 60 map IPSec VPN connection
Hi,
I have configured IPSec VPN connection and everything works when I'm accessing remote VPN resources from LAN. What I need is to map defined TCP port from specific external public IP to VPN resource.
I've tried creating NAT virtual server rule as:
source interface/IP: as WAN/external computer IP and destination IP as VPN resource IP on specified ports. Firewall is not blocking access, I see incoming connection from my external IP redirected to internal VPN host, but that's it. I have no connection with VPN host. Is it possible to use my Zyxel device as sort of "gateway" for VPN connection from outside without modifying VPN provider settings? I know this is not secure solution, but in this case I have no other way to access VPN resource.
All Replies
-
Tested here and it works.
is VPN client IP fixed?
try with NAT rule set for source IP to any
is there a firewall rule from WAN to IPSec_VPN for the port?
0 -
I've tried with and without firewall rule. VPN connection local rule is set to LAN subnet. When I change it to external IP then I can't establish connection at all.
0 -
That might be why then the VPN IP subnet/range needs to be different the other LAN subnets
0 -
So what can I do it this situation? I've tested connection from same external IP to my local PC and everything works. I can access every local resource except that one VPN host.
0 -
Change VPN IP subnet/range to not overlap
unless I read what your trying to do wrong? you can't have from the same source IP to go to the same port under one WAN IP.
like you can;t do this
source IP 2.2.2.2 USG WAN 3.3.3.3 forward to LAN1 192.168.0.2 port 80
source IP 2.2.2.2 USG WAN 3.3.3.3 forward down VPN 192.168.10.2 port 80
0 -
I know I can't forward same source IP to 2 different hosts.
My LAN subnet is 192.168.120.0, my VPN remote host is 192.168.200.80. VPN connection policies are set like that: local - LAN_subnet, remote: 192.168.200.80. I have access from any PC in LAN subnet to VPN host 192.168.200.80. What I need to do is give access to that resource to one PC from outside. E.g. PC X with public IP X.X.X.X can connect VPN host 192.168.200.80 by accessing my Zyxel WAN_IP:VPN-HOST_PORT. I also still need to have access to that VPN host from LAN subnet. I hope now everything is clear. Thanks.0 -
So your VPN local policy is set with 192.168.120.0 ? you need to set it to 0.0.0.0 and in VPN gateway domain name /IPv4 0.0.0.0
I think thats the problem and why the NAT rule didn't work I tested with VPN local policy WAN IP and VPN gateway as WAN interface.
0 -
Yes, my VPN local policy is set with 192.168.120.0. My VPN gateway domain name is IPv4 0.0.0.0.
When I change VPN local policy for something else than LAN subnet I can't establish connection at all - dial timeout. Is it possible that my VPN provider somehow blocked connection from outside my LAN? If so - is it possible to bypass that?0 -
can you set it like this
0 -
When I set local policy like this, connection with VPN drops and I receive dial timeout warning message. I can't connect until I change local policy back to LAN_Interface subnet.
0
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 263 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight
