USG60 - Getting 2 subnets to talk to each other.

robbiebit Posts: 4
edited April 2021 in Security
I've attached a Visio diagram of my issue, but here's the wordy version:

I have a ZyXEL USG60 behind my ISP gateway that is set up for a /29 block (8xIP) of public IP addresses.

I have set up a br1 bridge interface on the USG60 that contains WAN1 and LAN1. The br1 bridge interface allows me to deliver a public, static IP to the external interface of the Google WiFi, which creates a NAT subnet to 192.168.30.XXX.

In LAN2 I have my HOMELAB subnet which is on the NAT subnet of 192.168.20.xxx, delivered by the USG60.

Devices on the HOMELAB subnet (20.x) are unable to talk/ping/communicate with devices on the GWiFi subnet (30.xxx).

What further configuration must be done to allow these two subnets to communicate?


THANKS IN ADVANCE FOR ANY HELP!
Rob

All Replies

  • Ian31
    Ian31 Posts: 168  Master Member
    If there is only a single Google WiFi point, it's better to configure it to run in bridge mode and the USG60 to run in NAT router mode.
    Then all WiFi clients are on lan1 and HOMELAB is on lan2 of the USG60, which can be routed by the USG60.

  • PeterUK
    PeterUK Posts: 2,756  Guru Member

    Doing bridge limits the ability to route wireless WAN IPs to LAN2 from what I know.

    Can't you make LAN1 with the 69.xxx.xxx.xxx subnet DHCP by LAN1 and route with no NAT?


  • robbiebit
    Ian31 said:
    If there is only a single Google WiFi point, it's better to configure it to run in bridge mode and the USG60 to run in NAT router mode.
    Then all WiFi clients are on lan1 and HOMELAB is on lan2 of the USG60, which can be routed by the USG60.

    Unfortunately, I have the 3-pack of Google WiFi.

  • robbiebit
    PeterUK said:

    Doing bridge limits the ability to route wireless WAN IPs to LAN2 from what I know.

    Can't you make LAN1 with the 69.xxx.xxx.xxx subnet DHCP by LAN1 and route with no NAT?


    I do believe I'd still run into the same issue in that Google WiFi would grab the public IP and create its own local subnet that wouldn't be able to talk to my local subnet for my home lab. I don't have enough static IPs to go around for the whole network.

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @robbiebit
    You can follow Ian31's suggestion, and if there is a 3-pack of Google WiFi, you can deploy a switch between the USG and Google WiFi, and configure VLAN to manage devices.
    Charlie
  • robbiebit
    Zyxel_Charlie said:
    @robbiebit
    You can follow Ian31's suggestion, and if there is a 3-pack of Google WiFi, you can deploy a switch between the USG and Google WiFi, and configure VLAN to manage devices.
    Charlie

    If I put the Google WiFi into bridge mode, I lose the guest network feature. That's a show stopper.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee

    @robbiebit
    I would like to confirm with you: can Google WiFi clients talk/ping to HOMELAB, but HOMELAB is unable to talk/ping/communicate with hosts under Google WiFi? If so, here is another way: if Google WiFi supports 1:1 NAT, you can configure it as below:

    EX:
    You need to configure the setting below on Google WiFi, and create routing on the USG.

    Otherwise, please know that if a WiFi client gets a private IP from Google WiFi (NAT mode), the USG cannot route Homelab to the host that is under Google WiFi.

    Charlie
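
Added example, not part of the thread and not Zyxel's or Google's configuration: a small Python model of why the USG cannot reach hosts behind the Google WiFi's NAT, while replies to flows opened from the WiFi side are still translated back. The 203.0.113.0/29 block stands in for the masked public /29; the host addresses, ports and the `isp-gateway` label are constructed, and the model assumes the USG permits traffic from br1 to lan2.

```python
import ipaddress

# Constructed model: 203.0.113.0/29 stands in for the masked public /29 block.
USG_ROUTES = [
    (ipaddress.ip_network("192.168.20.0/24"), "lan2"),    # HOMELAB
    (ipaddress.ip_network("203.0.113.0/29"), "br1"),      # bridged WAN1 + LAN1
    (ipaddress.ip_network("0.0.0.0/0"), "isp-gateway"),   # default route
]

def usg_egress(dst):
    """Longest-prefix match over the USG's routes; returns the egress name."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, name) for net, name in USG_ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

class NatRouter:
    """Port-translating NAT: inbound packets pass only if they belong to a
    flow that an inside host opened first."""
    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self.flows = {}          # (outside_port, remote endpoint) -> inside endpoint
        self.next_port = 40000

    def outbound(self, src, dst):
        """src and dst are (ip, port). Returns the translated source endpoint."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(port, dst)] = src
        return (self.outside_ip, port)

    def inbound(self, src, dst):
        """Returns the inside endpoint, or None when the packet is dropped."""
        if dst[0] != self.outside_ip:
            return None
        return self.flows.get((dst[1], src))

def demo():
    gwifi = NatRouter("203.0.113.2")   # Google WiFi WAN address (placeholder)
    lab, client = ("192.168.20.10", 445), ("192.168.30.5", 50000)
    results = {}
    # HOMELAB -> 192.168.30.5: the USG has no route to 30.x, so the default route wins.
    results["lab_to_private"] = usg_egress(client[0])
    # HOMELAB -> Google WiFi public IP, unsolicited: no flow entry, so it is dropped.
    results["lab_to_public"] = gwifi.inbound(("192.168.20.10", 51000), ("203.0.113.2", 445))
    # WiFi client -> HOMELAB creates a flow; the reply is translated back to the client.
    results["client_seen_as"] = gwifi.outbound(client, lab)
    results["reply_delivered_to"] = gwifi.inbound(lab, results["client_seen_as"])
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```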
