Configuration Problem.....

Froydor
Froydor Posts: 6
First Anniversary First Comment
edited April 2021 in Security
I have 4 VPN300s; all 4 are working and forwarding packets between the 4 offices fine. I've set these offices up in a mesh since I only have 4 nodes and the bandwidth at the home office would not be able to support all the traffic passing through.
At each office, I have dial-up users coming in using LDAP authentication, and the connections are working well. However, unlike the LAN hosts, dial-up users cannot access any office other than their local one. I have set up policy rules that take a remote user IP "10.0.100.1", look at its destination, and then forward it via a VPN tunnel to the appropriate office (the same one the LAN uses). The packets never make it there, unlike a local computer in the same LAN, which can route packets to any of the other 3 offices.
I'm looking for an example of remote users accessing multiple offices configured in a mesh topology.

Thank you for your time.

All Replies

  • Froydor
    Froydor Posts: 6
    First Anniversary First Comment

  • Froydor
    Froydor Posts: 6
    First Anniversary First Comment
    edited June 2020
    I know I'm missing something really obvious.
    Rule #4 was a "test" rule to send traffic (192.168.4.x) to the Chesterfield VPN tunnel.  I know the tunnel is working as I can ping Chesterfield from any physical host in the LAN.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Froydor  

    I guess your scenario should be like this one: Forward VPN client traffic to branch site

    There are no "reply" rules in your policy route.

    You can try to follow this FAQ and add the rules on your devices, then check whether the client is able to receive reply packets after the VPN tunnel is built.

    Note: please also make sure the client IP address range and each site's IP subnet do not overlap.
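The two points in the reply above (a forward policy route alone is not enough, the branch needs a "reply" route back to the client pool, and the client pool must not overlap any site subnet) can be checked with a small first-match policy-route simulation. This is an added illustration, not code from the thread or from Zyxel; the four site subnets 192.168.1-4.0/24 and the client pool 10.0.100.0/24 are assumptions (only 192.168.4.x for Chesterfield and the client address 10.0.100.1 appear in the thread), and the tunnel names are placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed topology (assumption): four sites in a full mesh, one /24 LAN each,
# plus a VPN-client pool terminated at the home office. Only Chesterfield's
# 192.168.4.x and the client address 10.0.100.1 come from the thread.
SITE_LANS: Dict[str, ipaddress.IPv4Network] = {
    "Home":         ipaddress.ip_network("192.168.1.0/24"),
    "Site2":        ipaddress.ip_network("192.168.2.0/24"),
    "Site3":        ipaddress.ip_network("192.168.3.0/24"),
    "Chesterfield": ipaddress.ip_network("192.168.4.0/24"),
}
CLIENT_POOL = ipaddress.ip_network("10.0.100.0/24")


@dataclass(frozen=True)
class PolicyRoute:
    """One policy-route entry: match on source and destination, send to next_hop."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    next_hop: str  # placeholder tunnel name, e.g. "tunnel:Home-Chesterfield"


def check_no_overlap(client_pool: ipaddress.IPv4Network,
                     site_lans: Dict[str, ipaddress.IPv4Network]) -> List[Tuple[str, str]]:
    """Return every pair of networks that overlap; an empty list means the
    addressing plan is clean (the 'no IP overlap' note in the reply)."""
    nets = [("client-pool", client_pool)] + list(site_lans.items())
    overlaps = []
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            if nets[i][1].overlaps(nets[j][1]):
                overlaps.append((nets[i][0], nets[j][0]))
    return overlaps


def lookup(routes: List[PolicyRoute], src: str, dst: str) -> Optional[str]:
    """First-match policy-route lookup. None means no policy route matched and
    the packet falls through to the main routing table, which at a branch
    knows nothing about the remote home-office client pool."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in routes:
        if s in r.src and d in r.dst:
            return r.next_hop
    return None


def home_routes() -> List[PolicyRoute]:
    """Home office: the 'forward' rule the poster already has, client pool ->
    Chesterfield LAN via the mesh tunnel (assumed tunnel name)."""
    return [PolicyRoute(CLIENT_POOL, SITE_LANS["Chesterfield"], "tunnel:Home-Chesterfield")]


def branch_routes(with_reply: bool) -> List[PolicyRoute]:
    """Chesterfield: with_reply=False is the broken state (no policy route at
    all for the client pool); with_reply=True adds the 'reply' rule that sends
    Chesterfield LAN -> client pool back into the tunnel towards Home."""
    if not with_reply:
        return []
    return [PolicyRoute(SITE_LANS["Chesterfield"], CLIENT_POOL, "tunnel:Chesterfield-Home")]


def round_trip(home: List[PolicyRoute], branch: List[PolicyRoute],
               client: str, server: str) -> Tuple[Optional[str], Optional[str]]:
    """Simulate one request and its reply: (next hop chosen at Home for the
    client's packet, next hop chosen at Chesterfield for the reply)."""
    forward = lookup(home, client, server)
    reply = lookup(branch, server, client)
    return forward, reply


if __name__ == "__main__":
    print("overlaps:", check_no_overlap(CLIENT_POOL, SITE_LANS))
    print("without reply rule:", round_trip(home_routes(), branch_routes(False),
                                            "10.0.100.1", "192.168.4.10"))
    print("with reply rule:   ", round_trip(home_routes(), branch_routes(True),
                                            "10.0.100.1", "192.168.4.10"))
```

Without the reply rule the request leaves Home through the tunnel but Chesterfield has no route for 192.168.4.x -> 10.0.100.x, so the reply falls through to the main table (None) and the client sees a timeout, which matches the "packets never make it there" symptom. One further caveat the simulation does not model: on a policy-based IPsec tunnel the traffic selectors on both peers must also cover the client pool, or the branch gateway will refuse to put the reply into the SA even when the policy route is present. The overlap check runs over whichever prefix you give it, so it can be reused for a new client pool before deploying it.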
