How do I allow SecuExtender clients to access servers in the remote site/company through VPN tunnel?

Zyxel_Emily
Zyxel_Emily Posts: 1,370  Zyxel Employee
Sixth Anniversary 1000 Comments 100 Answers Zyxel Certified Sales Associate
edited June 2022 in VPN

Topology

(lan: 192.168.1.0/24)USG60------IPSec VPN------USG210(lan: 192.168.11.0/24)----PC(192.168.11.33)

 

SSL VPN client is connected to USG60. SSL VPN pool is 192.168.99.0/24.

Site to site VPN tunnel is established between USG60 and USG210.

 

On USG60

Create a policy route.

Source: SSL VPN pool. In this example, SSL VPN pool is 192.168.99.0/24.

Destination: Remote Subnet. In this example, Remote Subnet is 192.168.11.0/24.

Next-Hop: site to site VPN tunnel.


Add 192.168.11.0/24 into Network List.


On USG210

Create a policy route.

Source: LAN subnet. In this example, SSL VPN pool is 192.168.11.0/24.

Destination: USG60's SSL VPN pool. In this example, USG60's SSL VPN pool is 192.168.99.0/24.

Next-Hop: site to site VPN tunnel.


Test result

SSL VPN client is connected to USG60 and gets IP 192.168.99.1.

Ping USG60's LAN successfully.

Ping 8.8.8.8 successfully.

Ping USG210's LAN PC 192.168.11.33 successfully.

Best regards,
Emily

Don't miss this great chance to upgrade your Nebula org. For free! https://bit.ly/4g2pS9L