USG 100 site-to -site vpn

Options
NRdroque
NRdroque Posts: 8
Friend Collector First Comment
edited April 2021 in Security

hi

we have a site-to-site line installed, to connect a wharehouse.


vpn.png

This is the basic diagram how can i connec the main vpn router to my network .

Any ideas will be aprecciate.

All Replies

  • jasailafan
    jasailafan Posts: 192  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Would you like to replace VPN router-Main with ZyWALL USG100 PLUS and establish VPN between VPN route-remote and ZyWALL USG100 PLUS?

    Or do you just want to insert VPN router-Main to the right-hand side of topology and keep the VPN connection between VPN router-Main and VPN route-remote? 

  • NRdroque
    NRdroque Posts: 8
    Friend Collector First Comment
    Options

    I'd like to insert VPN main and maintain the connectio

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,298  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @NRdroque,

    You can connect Vpn router Main to one unused lan interface (ex: lan2) of USG100-PLUS.

    Disable DHCP server on lan2 and set a static IP for Vpn route Main.

    On USG100-PLUS, add a static route rule as follows.

    Destination IP: IP address of the subnet of Vpn route remote (ex: subnet-1 IP 192.168.30.0)

    Subnet Mask: subnet mask of the subnet of Vpn router remote (ex: subnet-1 mask 255.255.255.0)

    Gateway IP: lan2 IP address of USG100-PLUS (ex: 192.168.2.1)

     

    On Vpn router Main, add a static route for traffic to company network (ex: lan1 subnet) of USG100-PLUS.

    Destination IP: IP address of company network (ex: lan1 IP 192.168.1.0)

    Subnet Mask: subnet mask of company network (ex: lan1 mask 255.255.255.0)

    Gateway IP: the IP address of the interface which is connected to USG100-PLUS on Vpn router Main (ex: IP-1)

    image.png
  • NRdroque
    NRdroque Posts: 8
    Friend Collector First Comment
    Options
    https://businessforum.zyxel.com/discussion/comment/11172#Comment_11172

    Hi have one question

    on VPn main Router

    Destination IP: IP address of company network (ex: lan1 IP 192.168.1.0)

    shouldn't be the Lan2 adress?

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,298  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @NRdroque,

    Thanks for your notification.

    Here is the revised configuration.


    On USG100-PLUS, add a static route rule as follows.

    Destination IP: IP address of the subnet of Vpn route remote (ex: subnet-1 IP 192.168.30.0)

    Subnet Mask: subnet mask of the subnet of Vpn router remote (ex: subnet-1 mask 255.255.255.0)

    Gateway IP: IP-1


    On Vpn router Main, add a static route for traffic to company network (ex: lan1 subnet) of USG100-PLUS.

    Destination IP: IP address of company network (ex: lan1 IP 192.168.1.0)

    Subnet Mask: subnet mask of company network (ex: lan1 mask 255.255.255.0)

    Gateway IP: 192.168.2.1

  • NRdroque
    NRdroque Posts: 8
    Friend Collector First Comment
    Options

    hi,

    have configure the static rule.

    192.168.15.0 - the second site ip range

    255.255.255.0 - the second site subnet

    192.168.13.254 - ip from LAN2


    image.png

    i cant ping any vpn router.

    it's needed to create a rule in the firewall?

  • NRdroque
    NRdroque Posts: 8
    Friend Collector First Comment
    Options

    i have conected as the model but i only can acess from the remote location to LAN2 ip address.

    how can i comunicate with LAN1 network?

    And from lan1 i can acess nothing on remote location.


    thanks for all your help

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)