VPN access other interface

ASDNet
ASDNet Posts: 4
First Comment
edited April 2021 in Security

Hi guys,

is there a way to gain access to another interface through VPN (Site to Site)?

Let's say the tunnel gains access to LAN1 on both sides, now on side a i have a printer in LAN2 and on side b i have a printer in LAN3.

What i need is to access LAN2 on side b and LAN3 on side a.

Thank you.

Comments

  • Ian31
    Ian31 Posts: 165
    5 Answers First Comment Friend Collector Fifth Anniversary
     Master Member

    What's the firewall model on both side ?

    Zyxel firewall with ZLD 4.20 or above can support both policy-based and route-based IPSec VPN.

    1.For policy-based IPSec (all ZLD version)

    (1)on side a, add a policy route src.: side a LAN2 subnet to dst.: side b LAN3 subnet, next-hop: the IPSec tunnel to side b

    (2)on side b, add a policy route src.: side b LAN3 subnet to dst.: side a LAN2 subnet, next-hop: the IPSec tunnel to side a


    2.For route-based IPSec (ZLD 4.20 or above)

    (1)on side a, add a static route, dst.: side b LAN3 subnet, the vti interface to side b

    (2)on side b, add a static route, dst.: side a LAN2 subnet, the vti interface to side a

  • Hi,

    Side A, ATP500, FW 4.35

    Side B, USG 50, FW 3.30(BDS.9)

    I'll try and i'll let you know.

    Very much appreciated!

  • I went with the static route but i still don't get no response to my pings, on both sides.

  • Just to be more precise, with the static route i get the following answer from each sides Zywall:

    Reply from "IP Zywall": destination host unreachable

  • Ian31
    Ian31 Posts: 165
    5 Answers First Comment Friend Collector Fifth Anniversary
     Master Member

    You have the old USG50 that only support policy-based IPSec.

    So that you need to use policy route on both side.

    Static route is not work on your case.

Security Highlight