IPSec Site to Site VPN - Connection between Clients without default gateway
Freshman Member
Hi,
I think I've seen a similar configuration like what I want to reproduce. But I unfortunately cannot.
Following Problem:
I've got two Zyxel USG. An USG60 in our headquarter and an USG20-VPN in one of our branches. Between this two Gateways a VPN tunnel is established:
Headquarter:
LAN IP USG: 192.168.10.254
Devices IPs: 192.168.10.200 - 192.168.10.225
Branch:
LAN IP USG: 192.168.13.254
Devices IPs: 192.168.10.127 - 192.168.10.130
The VPN tunnel between the USGs is working fine, but now here come the difficulties:
In the headquarter there are devices in the subnet 192.168.10.0/24 which are supported by an external company and where i can't set a default gateway.
These devices should communicate with 4 devices with an IP range from 192.168.10.127 to 192.168.10.130 installed in the branch. On these 4 devices I also can't set a default gateway.
I thought it could somehow be possible to connect the devices in the headquarter with the devices in the branch by setting routing policies and / or SNAT and without setting default gateway on den devices itself.
But I'm not sure if this even can work!?
I think I've seen a similar configuration like what I want to reproduce. But I unfortunately cannot.
Following Problem:
I've got two Zyxel USG. An USG60 in our headquarter and an USG20-VPN in one of our branches. Between this two Gateways a VPN tunnel is established:
Headquarter:
LAN IP USG: 192.168.10.254
Devices IPs: 192.168.10.200 - 192.168.10.225
Branch:
LAN IP USG: 192.168.13.254
Devices IPs: 192.168.10.127 - 192.168.10.130
The VPN tunnel between the USGs is working fine, but now here come the difficulties:
In the headquarter there are devices in the subnet 192.168.10.0/24 which are supported by an external company and where i can't set a default gateway.
These devices should communicate with 4 devices with an IP range from 192.168.10.127 to 192.168.10.130 installed in the branch. On these 4 devices I also can't set a default gateway.
I thought it could somehow be possible to connect the devices in the headquarter with the devices in the branch by setting routing policies and / or SNAT and without setting default gateway on den devices itself.
But I'm not sure if this even can work!?
0
Accepted Solution
-
Hi @pit
If device without default gateway, the traffic unable reach to other broadcast subnet.
It means all of routing scenario is unable realize including VPN.
BTW, why devices IP subnet is not the same as LAN(192.168.13.0/24)?
5
Zyxel Employee
All Replies
-
Hi @pit
If device without default gateway, the traffic unable reach to other broadcast subnet.
It means all of routing scenario is unable realize including VPN.
BTW, why devices IP subnet is not the same as LAN(192.168.13.0/24)?
5 -
It was planned, that the devices in the branch will be in the subnet 192.168.13.0/24. But as mentioned before the devices are supported by an external company and the technician installed the devices in the branch during my holidays with ether not knowing that a VPN tunnel is established between headquarters and branch (maybe he thought there is a wifi connection) or not knowing how the tunnel is configured.
Now I have the problem that the devices are "worthless" at the moment. So I thought that it may be possible to connect the devices without giving them a default gateway.
But if it's not possible I will get the devices configuration changed.
Thank you for your help!
PS: I've posted the question into the wrong category. Could you move it to USG Series?0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
