VPN Question on USG 100

Daniel1981 Posts: 6  Freshman Member
edited April 2021 in Security
I have a USG 100 with 13 IPsec VPNs configured.

NAME - VPN GATEWAY

VPN1 - VPN1
VPN2 - VPN3
VPN3 - VPN3
.....................

I need to access VPN13 from all VPNs,
because from the VPN1 clients I can't access the resources of VPN13.
From the VPN1 clients I can't see a server on VPN13.
I can access them from the resources in the USG 100 network.

Do I have to set routes?


How can I do this?

All Replies

  • Jeremylin Posts: 166  Master Member
    edited April 2020
    You want one VPN tunnel to remotely access two subnets?
    USG100 doesn't support multiple traffic selectors.
  • Daniel1981 Posts: 6  Freshman Member
    I have this situation
  • Daniel1981 Posts: 6  Freshman Member
    I also tried to set up an SSL VPN. I reach the ZYXEL router but I do not reach office 7, even if I enter the VPN 7 addresses in the enabled addresses.

  • Daniel1981 Posts: 6  Freshman Member
    I also tried to create an SSL VPN to the USG 100 from clients 1-2-3-4-5-6.
    I see the USG 100 and its resources but I do not reach headquarters 7, which is connected to the USG 100 over IPsec.
    Where am I wrong?

  • zyman2008 Posts: 219  Master Member
    The best approach is to have well-planned network IP addressing,
    so that auto routing can work without setting up extra policy routes.
    https://businessforum.zyxel.com/discussion/2259/connecitivity-between-multiple-ip-sec-vpn-connections

    Otherwise, you need to configure complex policy routes in each site.
    On site 7: add policy route to Site 1-2-3-4-5-6, go into tunnel to USG100
    On site 1,2,3,4,5,6: add policy route to site 7, go into tunnel to USG100
    On USG100: 
    Add policy route for site 7 to site 1, go into tunnel to site 1
    Add policy route for site 7 to site 2, go into tunnel to site 2
    Add policy route for site 7 to site 3, go into tunnel to site 3
    Add policy route for site 7 to site 4, go into tunnel to site 4
    Add policy route for site 7 to site 5, go into tunnel to site 5
    Add policy route for site 7 to site 6, go into tunnel to site 6

    Add policy route for site 1-2-3-4-5-6 to site 7, go into tunnel to site 7

    Then you can imagine: what if you have 10 more sites, or even 100 sites?
    Again, plan your network well before you go crazy...
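
An added illustration, not part of the thread or any poster's configuration: this Python sketch enumerates the policy-route rows that zyman2008's reply lists for reaching site 7 through the USG100, then checks an addressing plan for overlaps and for the single prefix that would summarize it. The 10.20.x.0/24 subnets and all function names are constructed assumptions, and reading "well-planned addressing" as a plan that summarizes into one prefix is also an assumption.

```python
import ipaddress

HUB = "USG100"
# Constructed addressing plan (assumption, not from the thread): site -> LAN.
SITES = {n: ipaddress.ip_network(f"10.20.{n}.0/24") for n in range(1, 8)}

def policy_routes(sites, target):
    """Rows (device, source, destination, next hop) so every site reaches
    `target` through the hub and back. Address groups could merge rows."""
    rows = []
    for s in sorted(sites):
        if s == target:
            continue
        rows.append((f"site{s}", sites[s], sites[target], f"tunnel to {HUB}"))
        rows.append((f"site{target}", sites[target], sites[s], f"tunnel to {HUB}"))
        rows.append((HUB, sites[target], sites[s], f"tunnel to site{s}"))
        rows.append((HUB, sites[s], sites[target], f"tunnel to site{target}"))
    return rows

def overlapping_sites(sites):
    """Site pairs whose subnets overlap and so cannot be routed unambiguously."""
    ids = sorted(sites)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:]
            if sites[a].overlaps(sites[b])]

def covering_supernet(sites):
    """Smallest single prefix that contains every site subnet."""
    nets = list(sites.values())
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net

def unassigned_in_summary(sites):
    """Addresses the summary prefix matches that belong to no site
    (assumes no overlaps); worth reviewing in firewall rules."""
    total = sum(n.num_addresses for n in sites.values())
    return covering_supernet(sites).num_addresses - total

if __name__ == "__main__":
    rows = policy_routes(SITES, target=7)
    for device, src, dst, hop in rows:
        print(f"{device:7} {src} -> {dst}  {hop}")
    print("rows:", len(rows), "overlaps:", overlapping_sites(SITES))
    print("summary:", covering_supernet(SITES),
          "unassigned:", unassigned_in_summary(SITES))
```

The row count grows by four for every extra site that must reach the target, while a scattered plan (for example one site in 192.168.1.0/24 and another in 10.0.0.0/24) collapses the summary prefix to 0.0.0.0/0, which is no summary at all.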
