How to set up IPSec VPN for branches to use the Internet at the head office?
Options
Zyxel_James
Posts: 809 
Zyxel Employee
Zyxel Employee
in VPN
Question: How to set up IPSec VPN for branches to use the Internet at the head office
Scenario:
I have a USG FLEX 50H (branch) connected to a USG FLEX 200 (headquarter) via IPSec VPN. I want the branch computers to be able to access the headquarter using the headquarter's Internet.
Branch - USG FLEX 50H
LAN : 192.168.10.1
Head office - USG FLEX 200
LAN : 192.168.40.1
Answer:
This scenario could be achieved by route policy.
USG FLEX 50H needs one route policy rule
- Incoming: interface LAN 192.168.10.1/24
- Source Address: 192.168.10.1/24
- Destination/Service/Source port: Any
- Next Hop > Type: IPSec VPN Tunnel
USG FLEX 200 needs two route policy rules.
- Outgoing traffic for VPN remote subnet
- Incoming: Tunnel
- Source Address: 192.168.10.1/24
- Destination/Service/Source port: Any
- Next Hop > Type: Auto
- Return traffic from internet to VPN remote subnet
Incoming: Any
- Source Address: Any
- Destination: 192.168.10.1/24
- Service: Any
- Next Hop: VPN tunnel
0
Categories
- All Categories
- 441 Beta Program
- 2.9K Nebula
- 208 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.4K Security
- 529 USG FLEX H Series
- 333 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 51 Wireless Ideas
- 6.9K Consumer Product
- 292 Service & License
- 461 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.7K FAQ
- 34 Documents
- 86 About Community
- 99 Security Highlight