IPSec VPN Client to access LAN/VLANS behind USG210

tenniseric79
tenniseric79 Posts: 1  Freshman Member
edited April 2021 in Security
I would like to know how I can configure a USG210 (or USG60W for that matter) to allow a computer with an IPsec VPN client to access different LANs and VLANs behind the firewall.

My setup is this:
Computer with VPN client connected to a LAN with IP address 192.168.x.x

VPN-tunnel to USG210
This works fine. Connected and everything. This VLAN is 10.10.13.0/29. I can ping the USG210, which has 10.10.13.2 as its IP on this VLAN (1013).

So, behind this I have several LANs and VLANs (my servers and other stuff are on those).

How do I configure my USG to allow traffic to the other subnets....for example

VLAN1011 (192.168.11.0)
VLAN1080 (192.168.80.0)
VLAN110 (192.168.110.0)

I guess I should use policy routes and maybe zones, I just don't understand how...
I have been doing some tests and lab work, but I don't want to mess things up....

Any suggestions or examples?


All Replies

  • PeterUK
    PeterUK Posts: 2,714  Guru Member
    edited January 2021

    What I do is make zones for the VLANs; that way you're individually making firewall rules for which VLAN can connect to a given VLAN. But if you want it simple, set all VLANs to LAN1, then make a firewall rule from LAN1 to LAN1 and they all connect.


  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee

    Hi @tenniseric79

    You can go to the Web-GUI path Configuration>VPN>IPsec>VPN Connection and edit the IP range of the local policy, for example to the following IP range: 192.168.0.0/16.


    Go to Configuration>Network>Routing>Policy Route and add a policy route. 


    Thanks.
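An added example, not part of the original reply or Zyxel's own tooling: a small Python check of what a 192.168.0.0/16 local policy exposes to the VPN client compared with a policy limited to the three VLANs from the question. The /24 masks and the client's home LAN 192.168.1.0/24 are assumptions, since the thread gives neither.

```python
import ipaddress as ip

# VLAN prefixes from the question; the /24 masks are assumed (the post gives none).
TARGET_VLANS = {
    "VLAN1011": ip.ip_network("192.168.11.0/24"),
    "VLAN1080": ip.ip_network("192.168.80.0/24"),
    "VLAN110": ip.ip_network("192.168.110.0/24"),
}
# Local policy suggested in the reply above.
BROAD_POLICY = [ip.ip_network("192.168.0.0/16")]
# Constructed placeholder for the client's own LAN ("192.168.x.x" in the post).
CLIENT_HOME_LAN = ip.ip_network("192.168.1.0/24")


def audit(local_policy, targets, client_lan):
    """Report coverage, excess scope and client-side overlap of a local policy.

    Assumes the policy prefixes do not overlap each other.
    """
    uncovered = [name for name, net in targets.items()
                 if not any(net.subnet_of(p) for p in local_policy)]
    needed = sum(n.num_addresses for n in targets.values())
    offered = sum(p.num_addresses for p in local_policy)
    return {
        # VLANs the client could not reach through the tunnel.
        "uncovered": uncovered,
        # Addresses in the tunnel scope that no listed VLAN needs; these
        # rely entirely on firewall rules to stay unreachable.
        "excess_addresses": offered - needed,
        # True when the tunnel scope collides with the client's own LAN,
        # which makes routing on the client side ambiguous.
        "overlaps_client_lan": any(p.overlaps(client_lan) for p in local_policy),
    }


def tight_policy(targets):
    """Smallest set of prefixes covering exactly the target subnets."""
    return list(ip.collapse_addresses(targets.values()))


if __name__ == "__main__":
    print("broad:", audit(BROAD_POLICY, TARGET_VLANS, CLIENT_HOME_LAN))
    tight = tight_policy(TARGET_VLANS)
    print("tight:", [str(n) for n in tight],
          audit(tight, TARGET_VLANS, CLIENT_HOME_LAN))
```

With the broad range, whatever the VLAN-to-VLAN firewall rules do not block is in scope for the VPN client, so the zone rules described earlier in the thread are what limit access.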


  • Peppino
    Peppino Posts: 138  Ally Member
    Hi Jeff,

    Can you reiterate that to a situation when one is using L2TP VPN? I reckon the policy route would be identical, but how does that translate to the local policy?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    Hi @Peppino
    The L2TP VPN tunnel works in transport mode, which is an "end-to-end" VPN tunnel.
    So in the USG settings, the local policy should be configured as the "WAN IP address" of the USG.
    You can refer to the FAQ to make sure your settings are correct on the USG & client.
