IPSec VPN Client to access LAN/VLANS behind USG210

tenniseric79 Posts: 1  Freshman Member
edited April 2021 in Security
I would like to know how I can configure a USG210 (or USG60W for that matter) to allow a computer with an IPsec VPN client to access different LANs and VLANs behind the firewall.

My setup is this:
Computer with VPN client connected to a LAN with IP address 192.168.x.x

VPN-tunnel to USG210
This works fine. Connected and everything. This VLAN is 10.10.13.0/29. I can ping the USG210, which has 10.10.13.2 as its IP on this VLAN (1013).

So, behind this I have several LANs and VLANs (my servers and other stuff lie on those).

How do I configure my USG to allow traffic to the other subnets, for example:

VLAN1011 (192.168.11.0)
VLAN1080 (192.168.80.0)
VLAN110 (192.168.110.0)

I guess I should use policy routes and maybe zones, I just don't understand how...
I have been doing some tests and labs, but I don't want to mess things up...

Any suggestions or examples?


All Replies

  • PeterUK
    PeterUK Posts: 3,503  Guru Member
    edited January 2021

    What I do is make zones for the VLANs; that way you're individually making firewall rules for which VLAN can connect to a given VLAN. But if you want it simple, set all VLANs to LAN1, then make a firewall rule from LAN1 to LAN1 and they all connect.


  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,284  Zyxel Employee

    Hi @tenniseric79

    You can go to the Web-GUI path Configuration>VPN>IPsec>VPN Connection and edit the IP range of the local policy, for example to the following IP range: 192.168.0.0/16.


    Go to Configuration>Network>Routing>Policy Route and add a policy route. 


    Thanks.




  • Peppino
    Peppino Posts: 141  Ally Member
    Hi Jeff,

    Can you reiterate that for a situation where one is using L2TP VPN? I reckon the policy route would be identical, but how does that translate to the local policy?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,386  Zyxel Employee
    Hi @Peppino
    An L2TP VPN tunnel works in transport mode, which is an "end-to-end" VPN tunnel.
    So in the USG settings, the local policy should be configured as the "WAN IP address" of the USG.
    You can refer to the FAQ to make sure your settings are correct on the USG and the client.