VPN into Main WAN VPN
Charles_MCE
Posts: 2 Freshman Member
Howdy all. I have looked and have quite found what I need to get my scenario working.
7 location business connected with a USG310 and 6 USG60's through IPsec VPN. Works great.
Added account to Zyxel to verify against AD.
Added SSL VPN to the 310. Thought it was working great since I could access our main location.
The SSL VPN seems to only have access to the 310 network and not the other offices.
Support says I need to set up policy routes of force traffic over tunnel. Clicked force over tunnel and still nothing.
Unsure of the setting up of policies since I have not yet found any examples for my general scenario.
Any suggestions?
Would there be a better way to set this up?
Thank you in advance
All Replies
-
First, here is a best practice for multi-site setups that you can reference.
If the private IP address space of the sites is well planned, you don't need to use policy routes.
https://businessforum.zyxel.com/discussion/2259/connecitivity-between-multiple-ip-sec-vpn-connections
But if the IP address space cannot change, then you need to add policy routes on both the main site and the other sites. This is because the auto route of the site-to-site VPN only defines the route between the main office and the other offices; it doesn't include the VPN client to the other offices. Also, the other offices don't include the route back to the IP address of the VPN client.
So you need to add policy routes on the main office, one per office, and then add a policy route on each office site for traffic back to the VPN client.
Here is the example route flow for an SSL VPN client to the main office and then office A.
SSL VPN client--->main office(add policy route for client to office A)--->site-to-site VPN--->office A
Then on office A, add the return route back to the SSL VPN client.
office(add policy route for office A to client)--->site-to-site VPN--->main office--->SSL VPN client
And for the SSL VPN settings on the main office:
If you want to force the VPN client to forward all traffic into the SSL VPN tunnel,
then check the option "Force all client traffic to enter SSL VPN tunnel".
If you want the SSL VPN client to split route,
then un-check "Force all client traffic to enter SSL VPN tunnel"
and add the network address objects that the VPN client can access into the Network List.
0 -
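The route flow described in the reply above, modeled as an added example (it is not part of the original posts and is not Zyxel configuration). All subnets and the names `office_a` and `office_b` are constructed assumptions; the model shows that a client reaches a remote office only when both the main-office route and the office's return route exist.

```python
import ipaddress as ip

# Constructed addressing for illustration; none of these values come from the thread.
HUB_LAN = ip.ip_network("192.168.1.0/24")
SSL_POOL = ip.ip_network("10.99.0.0/24")  # addresses handed to SSL VPN clients
SPOKES = {"office_a": ip.ip_network("192.168.10.0/24"),
          "office_b": ip.ip_network("192.168.20.0/24")}

def auto_routes():
    """Routes the site-to-site tunnels provide on their own: hub LAN <-> office LAN."""
    routes = {"hub": []}
    for name, lan in SPOKES.items():
        routes["hub"].append((HUB_LAN, lan, name))   # (source, destination, tunnel)
        routes[name] = [(lan, HUB_LAN, name)]
    return routes

def policy_routes():
    """Added routes: one per office on the hub, plus a return route on each office."""
    routes = {"hub": []}
    for name, lan in SPOKES.items():
        routes["hub"].append((SSL_POOL, lan, name))  # client -> office via tunnel
        routes[name] = [(lan, SSL_POOL, name)]       # office -> client via tunnel
    return routes

def merge(a, b):
    return {k: a.get(k, []) + b.get(k, []) for k in a.keys() | b.keys()}

def matches(table, src, dst):
    return any(src in s and dst in d for s, d, _ in table)

def round_trip(routes, client, host, spoke):
    """True only if the hub forwards client->host and the office routes host->client back."""
    return matches(routes["hub"], client, host) and matches(routes[spoke], host, client)

def pool_overlaps():
    """Site LANs that overlap the SSL VPN pool; any overlap makes the routes ambiguous."""
    return [n for n, lan in {"hub": HUB_LAN, **SPOKES}.items() if lan.overlaps(SSL_POOL)]

if __name__ == "__main__":
    client, host = ip.ip_address("10.99.0.5"), ip.ip_address("192.168.10.20")
    auto, extra = auto_routes(), policy_routes()
    print("auto routes only:     ", round_trip(auto, client, host, "office_a"))
    print("hub policy route only:", round_trip(merge(auto, {"hub": extra["hub"]}), client, host, "office_a"))
    print("both directions added:", round_trip(merge(auto, extra), client, host, "office_a"))
    print("pool overlaps:        ", pool_overlaps())
```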
The tunnels were set up long before I started with this company. I have just introduced them to the external VPN option for the admins and executives when out.
I do have that box checked. It helped resolve a couple of other issues.
I am checking out the link you included.
I will give it a try and let you know.