Zywal 310 VPN routing over different subnets?

KMP

We have the following setup on our Zywall 310:

LAN: 192.168.x.x/24

IPSec VPN site2site tunnel:

IPSec VPN tunnel local policy: 192.168.x.x/24

IPSec VPN tunnel remote policy: 10.0.x.x/24

VPN Client setup:

VPN client setup: 10.100.x.x/28

Our office has a few remote employees connecting with a client-vpn to local network (192.168.x.x/24). We would like to route these client connections for certain traffic through our existing VPN site2site tunnel for a remote service @ 10.0.x.x/24

What options do we have?

For instance we cannot add a second "local policy" (10.100.0.x/28) to the existing s2s tunnel. Should we then create a new vpn s2s tunnel with a local policy of 10.100.0.x/28?

We tryed to setup SNAT for vpn-client source addresses but it would not work.

Hoping someone could help us.

Thanks!

Zyxel_Emily

Hi @KMP,

You can follow the guide in this FAQ to configure policy route rules on both ZyWALLs.

FAQ:

How to forward traffic to branch site server after client established VPN tunnel

KMP

Hi Emily, thank you for answering. The other end of the tunnel is not a Zyxel device, i'm not sure what vpn-setup they have. But i the way you illustrate should be straight forward. We will have a look and report back.

KMP

https://businessforum.zyxel.com/discussion/comment/10751#Comment_10751

Hi again, would there be no need for a change in vpn-tunnel configuration? I'm thinking of the vpn "Local policy":

We only can add one subnet, not multiple subnets like i described above. Will this work with only a policy route on both ends?

mMontana

Try to create a tunnel for every subnet...