How can remote access VPN (split tunnel) reach remote sites by site-to-site VPN?

Zyxel_Melen

Assume the remote access VPN connects to site a. To reach the requirement, we need to setup static route on side b, so side b firewall knows where it should send the packet back to remote access VPN client.

Here are the setup steps for full tunnel mode (side a use test#1 as example, side b use test#2 as example):

1. Navigate to Nebula side b > Menu > Monitor > firewall > VPN connection. Find the VTI IP of side a.
   
2. Navigate to Menu > Site-wide > Configure > Firewall > Routing. Add the static routing rule like below.
   
3. Setup split tunnel:
   1. IkeV2 split tunnel, please reference this FAQ:
      
      https://community.zyxel.com/en/discussion/30664/does-the-usg-flex-h-model-support-multiple-split-tunnels-for-the-windows-native-vpn-client
   2. SSLVPN in the latest firmware version support multiple local networks for Split Tunnel mode. You can add the remote subnet directly.
4. Connect remote access VPN and ping side b. Test result should be success.