ZyXel USG110 routing
Freshman Member
Hello folks, please can anybody help me with one issue?
I have USG110 with 2 internet connections set up as trunk with WAN 1 active and WAN2 passive Least Load first and Index on outbound.
WAN1 is used for whole internet connection and WAN2 for IPSec VPN connection only. I have one routing rule which route trafic for VPN tunnel to this trunk, but VPN tunnel is connected via WAN1 but should connect via WAN2. Can I force USG110 to connect via WAN2 first?
IPSec VPN tunnel is connected to fortigate which is managed by cloud provider. On my side it is set up as nailed up connection.
Thank you very much.
I have USG110 with 2 internet connections set up as trunk with WAN 1 active and WAN2 passive Least Load first and Index on outbound.
WAN1 is used for whole internet connection and WAN2 for IPSec VPN connection only. I have one routing rule which route trafic for VPN tunnel to this trunk, but VPN tunnel is connected via WAN1 but should connect via WAN2. Can I force USG110 to connect via WAN2 first?
IPSec VPN tunnel is connected to fortigate which is managed by cloud provider. On my side it is set up as nailed up connection.
Thank you very much.
0
All Replies
-
We have an identical setup to yours and forced IPSec VPN to use wan2 via the VPN Gateway settings that we created for that VPN connection. See screenshot below:
If you need any additional details please feel free to ask.0 -
Ok but it doesnt solve situation when I need fallback and connectivity backup. I need to use WAN2 and in case it is down force VPN GW switch to WAN1. Thanks.AWUSupport said:We have an identical setup to yours and forced IPSec VPN to use wan2 via the VPN Gateway settings that we created for that VPN connection. See screenshot below:
If you need any additional details please feel free to ask.0 -
Apologies JanSery, reread your initial post a few times now and can see you are looking to failover of VPN back to wan1 if wan2 fails. We never went this far to make it automatically happen, and just manually changed VPN back to wan1 the very odd time we lost wan2.
Hope someone here has an automatic failback method you can use.0 -
Hi @JanSery,Welcome to Zyxel Community.
The link below is two Wan Internet VPN failover scenario configuration.You can follow this guide to set up VPN failover.GRE over IPSec VPN Tunnel –VPN Failover0 -
Hello,Zyxel_Cooldia said:Hi @JanSery,Welcome to Zyxel Community.The link below is two Wan Internet VPN failover scenario configuration.You can follow this guide to set up VPN failover.GRE over IPSec VPN Tunnel –VPN Failover
thank you for guide, but I am not sure if I can use it. I have no possibility to control or manage second side of VPN tunnel. I can manage only my side which is zyxel with two WANS and one VPN tunnel. There is only one WAN on second side and only one LAN pool.
Thank you.0 -
Hi @JanSery,That’s doable VPN failover scenario if both site are Zyxel device.Assume Site A is two wan site, and Site B is two wan Site.Site A VPN phase 1 setting, “My address” must set to 0.0.0.0, which means allow connection from wan 1 or wan 2, and peer gateway must set to dynamic address.As for site B, it supposed to have setting about primary/secondary, and something like “falling back when possible”Please note that, the scenario connection control is on peer site with one WAN.You can check if the cloud provider have setting something like these.Site A VPN phase 1 setting
Site B VPN phase 1 setting
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight
