VPN : remote access to 2 sites

crsdg

Hello,
I have a company who has 2 sites.

I want create a mobile VPN (i already have) who can connect these 2 sites with only one configuration with VPN include in Windows (i don't want use secuextender).
Do you have a solution ?
Site 1 and Site 2 are linked with vpn ipsec site-to-site
I tried to connect laptop to Site1 (with vpn ikev2 and it works) and try to access at the site 2 with a routing but doesn't work.

thanks

PeterUK

Do the sites have non over lapping subnets that are enabled

crsdg

where can i check this?

(sorry i'm french)

PeterUK

like if you have on site 1 you use 192.168.1.0/24 and don't use 192.168.2.0/24 but is enabled and on site 2 use 192.168.2.0/24 and don't use 192.168.1.0/24 but is enabled this would cause a problem.

And the subnet of the VPN as server role needs to be on its own subnet

crsdg

in my site 1 i use 192.168.120.0/24 and this subnet is not present on the site 2.

in my site 2 i use 172.16.16.0 /24 and this subnet is not present on the site 1.

the subnet of vpn client is 192.168.10.0/24.

PeterUK

If you got the firewall rule to go from vpn client zone to site to site zone it should work.

Is “Use Policy Route to control dynamic IPSec rules” unchecked?

Try making a routing rule on site 1 with

incoming Tunnel

member VPN of client

destination 172.16.16.0 /24

next hop VPN Tunnel

tunnel of site to site

site 2 might need changing too with a routing rule to know where to send 192.168.10.0/24 back down the site to site tunnel

Zyxel_Jeff

Hello @crsdg

Welcome to the Zyxel community. May we know your problem is resolved? If none, could you provide the remote Web-GUI to let us check it? We will send a private message to you later, please check your inbox. Thanks.

crsdg

Many thanks problem is solved