VPN access other interface

ASDNet · December 2019

Hi guys,

is there a way to gain access to another interface through VPN (Site to Site)?

Let's say the tunnel gains access to LAN1 on both sides, now on side a i have a printer in LAN2 and on side b i have a printer in LAN3.

What i need is to access LAN2 on side b and LAN3 on side a.

Thank you.

Ian31 · December 2019

What's the firewall model on both side ?

Zyxel firewall with ZLD 4.20 or above can support both policy-based and route-based IPSec VPN.

1.For policy-based IPSec (all ZLD version)

(1)on side a, add a policy route src.: side a LAN2 subnet to dst.: side b LAN3 subnet, next-hop: the IPSec tunnel to side b

(2)on side b, add a policy route src.: side b LAN3 subnet to dst.: side a LAN2 subnet, next-hop: the IPSec tunnel to side a

2.For route-based IPSec (ZLD 4.20 or above)

(1)on side a, add a static route, dst.: side b LAN3 subnet, the vti interface to side b

(2)on side b, add a static route, dst.: side a LAN2 subnet, the vti interface to side a

ASDNet · December 2019

Hi,

Side A, ATP500, FW 4.35

Side B, USG 50, FW 3.30(BDS.9)

I'll try and i'll let you know.

Very much appreciated!

ASDNet · December 2019

I went with the static route but i still don't get no response to my pings, on both sides.

ASDNet · December 2019

Just to be more precise, with the static route i get the following answer from each sides Zywall:

Reply from "IP Zywall": destination host unreachable

Ian31 · December 2019

You have the old USG50 that only support policy-based IPSec.

So that you need to use policy route on both side.

Static route is not work on your case.

Comments