USG110 - SSL VPN over OPT Interface
Hi.
We actually have two Internet lines, connected to WAN1 and WAN2, and a WAN trunk with WRR.
Now I would like to configure a third Internet line, connected to the OPT interface, that is reserved for SSL VPN traffic. The SSL VPN should be configured in a way that all the client traffic goes through the VPN tunnel, so Internet traffic incoming through SSL VPN -> OPT should then be routed over WAN1/2.
I was not able to set up this configuration without adding the OPT interface to the WAN group and so to the WAN trunk, but this is not the right solution for us because we have external services bound to the public IP addresses of WAN1/2.
Any solution to this?
Accepted Solution
Hi @mipa
Welcome to Zyxel Community.
In this scenario, you can set it up as below:
1) Create a customized trunk with the wan1 and wan2 interfaces.
“CONFIGURATION > Network > Interface > Trunk”
2) Leave the default trunk as SYSTEM_DEFAULT_WAN_TRUNK.
“CONFIGURATION > Network > Interface > Trunk > Default WAN Trunk”
3) Create a policy route for routing SSL VPN tunnel traffic to wan2/1.
“CONFIGURATION > Network > Routing > Policy Route”
Incoming = SSL VPN
Next-Hop type = interface
Interface = wan2
4) Create a policy route for LAN to WAN traffic; the next hop is the trunk (wan1 and wan2 only, without opt).
“CONFIGURATION > Network > Routing > Policy Route”
Incoming = Interface
Member = lan1
Next-Hop type = trunk
Select the trunk you created in step 1.
After completing the settings above, the opt interface is for the SSL VPN connection, and it will route to the Internet via interface WAN 2. For intranet hosts, outgoing traffic only goes to the customized trunk (cus_trunk): wan 1 and wan 2.