USGflex H Remote Access VPN users: access to all resources within a site-to-site vpn network

Holger_AZ

Hello all,

can someone give me a hint, please? I need some remote vpn users to have access to the complete site-to-site vpn network, not only to the site they're connected to.

The remote access vpn is configured as full tunnel. I tried several things like policy routes and zone settings, but it does not work. Is there a tutorial available regarding this topic?

Hardware: USGflex 500H and USGflex 200HP, v1.31

Thx,

Holger

PeterUK

so USG 192.168.201.0/24 192.168.202.0/24, 192.168.203.0/24 are over the internet?

all models are FLEX H?

You will need to do site-to-site to link them all for the Remote Access VPN to go down each tunnel for the network.

I get you started

on 192.168.200.0/24 USG

Click add to make site-to-site

name it click Custom

select my address your WAN

Peer Gateway Address WAN IP or domain of USG with LAN 192.168.201.0/24

for now leave zone as IPSec_VPN

set Pre-Shared Key per each tunnel

advanced settings

Local ID 192.168.200.0@router.com

Remote ID 192.168.201.0@router.com

in Phase 2 Settings Nailed-up

add Local 192.168.250.0/24

remote 192.168.201.0/24

then apply

on 192.168.201.0/24 USG

Click add to make site-to-site

name it click Custom

select my address your WAN

Peer Gateway Address WAN IP or domain of USG with LAN 192.168.200.0/24

for now leave zone as IPSec_VPN

set Pre-Shared Key match above

advanced settings

Local ID 192.168.201.0@router.com

Remote ID 192.168.200.0@router.com

in Phase 2 Settings Nailed-up

add Local 192.168.201.0/24

remote 192.168.250.0/24

then apply

Check you are linked up for the tunnel

Then firewall rule from remote_VPN to IPSec_VPN on USG 192.168.200.0/24