Configuration Problem.....

Froydor
edited April 2021 in Security
     I have 4 VPN300s, all 4 are working and forwarding packets between the 4 offices fine.  I've set these offices up in a mesh since I only have 4 nodes and the bandwidth at the home office would not be able to support all the traffic passing through.
     At each office, I have dialup users coming in using LDAP authentication, and the connections are working well.  However, unlike the LAN hosts, dialup users cannot access any office other than their local one.  I have set up policy rules that take a remote user IP "10.0.100.1", look at its destination, and then forward it via a VPN tunnel to the appropriate office (the same one the LAN uses).  The packets never make it there, unlike a local computer in the same LAN, which can route packets to any of the other 3 offices.
     I'm looking for an example of remote users accessing multiple offices configured in a mesh topology.

Thank you for your time.

All Replies

  • Froydor
    edited June 2020
    I know I'm missing something really obvious.
    Rule #4 was a "test" rule to send traffic (192.168.4.x) to the Chesterfield VPN tunnel.  I know the tunnel is working as I can ping Chesterfield from any physical host in the LAN.

  • Zyxel_Stanley

    Hi @Froydor  

    I guess your scenario should be like this one: Forward VPN client traffic to branch site

    There are no "reply" rules in your policy route.

    You can try to follow this FAQ, add the rules on your devices, and check whether the client is able to receive reply packets after the VPN tunnel is built.

    Note: please also make sure the client IP addresses and each site's IP subnet do not overlap.
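
Added example, not part of the thread or of the Zyxel FAQ: a small Python model of the two checks suggested in the reply above, that every forward policy route has a matching reply route on the peer device and that no client or site subnet overlaps. The site names, the 192.168.1.0/24 and 10.0.104.0/24 subnets, the /24 client pool and the route tuple format are assumptions made for illustration; this is not Zyxel configuration syntax.

```python
import ipaddress
from itertools import combinations

net = ipaddress.ip_network

# Constructed sample data. Only 10.0.100.x (VPN clients) and 192.168.4.x
# (Chesterfield) come from the thread; every other name and subnet is assumed.
SITES = {
    "HomeOffice":   {"lan": "192.168.1.0/24", "clients": "10.0.100.0/24"},
    "Chesterfield": {"lan": "192.168.4.0/24", "clients": "10.0.104.0/24"},
}
# Policy routes per device: (source, destination, tunnel to peer site).
ROUTES = {
    "HomeOffice":   [("10.0.100.0/24", "192.168.4.0/24", "Chesterfield")],
    "Chesterfield": [],  # no reply rule yet
}

def overlaps(sites):
    """Return name pairs of subnets that overlap anywhere in the mesh."""
    nets = [(f"{s}:{k}", net(v)) for s, d in sites.items() for k, v in d.items()]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)]

def covers(rule, want):
    """True if rule uses the wanted tunnel and its source/destination contain the wanted nets."""
    return (rule[2] == want[2]
            and net(want[0]).subnet_of(net(rule[0]))
            and net(want[1]).subnet_of(net(rule[1])))

def missing_replies(routes):
    """List (site, rule) pairs: reply rules that a peer needs but does not have."""
    missing = []
    for site, rules in routes.items():
        for src, dst, peer in rules:
            want = (dst, src, site)  # same flow reversed, sent back through the tunnel
            if not any(covers(r, want) for r in routes.get(peer, [])):
                missing.append((peer, want))
    return missing

if __name__ == "__main__":
    print("overlaps:", overlaps(SITES))
    for site, (src, dst, tun) in missing_replies(ROUTES):
        print(f"{site}: add policy route {src} -> {dst} via tunnel to {tun}")
```

With the sample data the script reports that Chesterfield lacks the route returning traffic for the client pool through the tunnel to the home office.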
