Zywall 310 - Multi spte VPN - Client L2tp Cant browse remote sites

Emerald
Emerald Posts: 36  Freshman Member
First Comment Fifth Anniversary
edited April 2021 in Security
Afternoon

Ive a multi site VPN setup, a zywall 310 is at the hub site. 5 remote sites inter-routing ok (am using the VPN concentrator feature)

Ive now setup Mac VPN clients, Then connect to the hub site ok and can ping / browse that hub sites LAN ok.
However i am unable to ping any other site.
When doing a trace route to a remote site lan the third hop is the WAN ip of the hub site.

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    HI @Emerald

    keep in mind VPN clients address ranges must be in VPN multisite configuration, and routes on servers via the VPN.
    (Other solutions could include Source NAT for the VPN clients address ranges).

    I hope it helps you. 
  • Emerald
    Emerald Posts: 36  Freshman Member
    First Comment Fifth Anniversary
    Good answer.
    On thinking about your answer, I do have intersite routig working ok betweek site - site vpn.
    I notice I cannot add the L2TP VPN into the VPN concentrator.
    Should I be looking at policy routes
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Emerald,

     

    The concentrator is configured on the hub site and L2TP VPN client is connected to the hub.

    Create a policy route on the hub site and the spoke site respectively.

     

    Hub

    Incoming: L2TP VPN tunnel

    Destination Address: Subnet of spoke_1 site

    Next-Hop: site to site VPN tunnel between hub and spoke_1


    Spoke_1

    Source Addrsss: Subnet of spoke_1 site

    Destination Address: L2TP VPN pool of the hub site

    Next-Hop: site to site VPN tunnel between hub and spoke_1



Security Highlight