USG 40 - Access to WAN2 from WAN1

danilo_finocchiaro
edited April 2021 in Security
Hi,
is possible to access to the web configuration page (https) of the WAN2 modem from the public IP of the WAN1?
How can i set the rules for do that?

Thank you!

All Replies

  • Ian31
    Ian31 Posts: 167  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi,
    What's IP address of WAN2 modem ? Is it private IP or public IP ?
    What's the case that need to use WAN1 IP instead of WAN2 ?

  • Hi, thank you for answer.
    In the WAN2 (OPT) there's a LTE modem that have dynamic public ip address and a static local ip.
    In the WAN1 i have a static public ip and i need to connect to the web interface of the LTE modem for maintenance. 
    Is it possible to do?

  • Ian31
    Ian31 Posts: 167  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi,
    If WAN2(OPT) will get an IP address from LTE modem via DHCP.
    Usually, the gateway IP address of WAN2(OPT) will be the local IP of LTE modem.
    You can direct to access this gateway IP to maintain it.

  • Hi,
    i've tried to configure NAT with the local ip address of the LTE modem and i've done a policy control rule but i can't be able to see the configuration page of the LTE modem. I think that is impossible to do...
  • Ian31
    Ian31 Posts: 167  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi,
    From my point of view, if you can access the LTE modem from LAN of the modem.
    Then it should be OK to access it behind the USG.

    Here the steps you can try to debug,
    1. Using SSH login to USG
    2. Command for packet trace,
    # packet-trace interface opt ip-proto icmp
    3. On PC connect to lan of USG, ping ip address of local ip of LTE modem 

    You should get the source IP address is OPT interface IP of your USG to destination IP(local ip of LTE modem)

    Here my example,
    It's ping from my internal PC(172.16.1.33) to the modem(192.168.1.1) in front of wan1 of my USG110.
    packet-trace on wan1 will get the source IP been translated as wan1 IP address(192.168.1.101)


    If the source IP address didn't translated. Then there might be mis-configure or the firmware bug.
    You can call Zyxel support to help to dig out the issue.

Security Highlight