Configuration Problem.....
I have 4 VPN300's, all 4 are working and forwarding packets between the 4 offices fine. I've set these offices up in a mesh since I only have 4 nodes and the bandwidth at the home office would not be able to support all the traffic passing through.
At each office, I have dialup users coming in using LDAP authentication, and the connections are working well. However, unlike the LAN hosts, dialup users cannot access any office other than their local one. I have set up policy rules that take a remote user IP "10.0.100.1", look at its destination, and then forward it via a VPN tunnel to the appropriate office (the same one the LAN uses). The packets never make it there. Unlike a local computer in the same LAN which can route packets to any of the other 3 offices.
I'm looking for an example of remote users accessing multiple offices configured in a mesh topology.
Thank you for your time.
All Replies
-
I know I'm missing something really obvious. Rule #4 was a "test" rule to send traffic (192.168.4.x) to the Chesterfield VPN tunnel. I know the tunnel is working as I can ping Chesterfield from any physical host in the LAN.
-
Hi @Froydor
I guess your scenario should be like this one: Forward VPN client traffic to branch site
There are no "reply" rules in your policy route.
You can try to follow this FAQ, add the rules on your devices, and check if the client is able to receive reply packets after the VPN tunnel is built.
Note: please also make sure the client IP address and each site's IP subnet do not have any IP overlap.
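The two checks the reply above asks for (a "reply" rule on the far side of each tunnel, and no overlapping subnets), as an added example that is not part of the thread or the linked FAQ. It models policy routes as plain tuples rather than device configuration; the site name HomeOffice, the /24 masks, and every subnet other than the 10.0.100.x and 192.168.4.x ranges mentioned in the thread are assumptions.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample data. Only 10.0.100.x (dial-up client) and 192.168.4.x
# appear in the thread; "HomeOffice", the /24 masks and 192.168.1.0/24 are
# assumptions made for illustration.
SUBNETS = {
    "HomeOffice LAN": "192.168.1.0/24",
    "HomeOffice dial-up pool": "10.0.100.0/24",
    "Chesterfield LAN": "192.168.4.0/24",
}

# Policy routes as (device, source, destination, tunnel peer).
# Only the forward rule exists, which is the situation the reply describes.
ROUTES = [
    ("HomeOffice", "10.0.100.0/24", "192.168.4.0/24", "Chesterfield"),
]


def overlapping(subnets):
    """Return pairs of named subnets whose address ranges overlap."""
    nets = {name: ip_network(cidr) for name, cidr in subnets.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def missing_reply_rules(routes):
    """Return the reply rules that are absent.

    For each rule that sends `src` through a tunnel to `peer`, the peer needs
    a rule whose destination covers `src` and whose tunnel points back at the
    originating device; otherwise return traffic has no policy route.
    """
    missing = []
    for device, src, dst, peer in routes:
        src_net = ip_network(src)
        has_reply = any(
            r_dev == peer and r_peer == device
            and src_net.subnet_of(ip_network(r_dst))
            for r_dev, _r_src, r_dst, r_peer in routes
        )
        if not has_reply:
            # Rule to add on the peer: (device, source, destination, tunnel)
            missing.append((peer, dst, src, device))
    return missing


if __name__ == "__main__":
    print("overlaps:", overlapping(SUBNETS))
    print("reply rules to add:", missing_reply_rules(ROUTES))
```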