IKEV2 Server / Client -> DIfferent Lan adress for the client

Anthoshell
Anthoshell Posts: 13  Freshman Member
First Anniversary Friend Collector First Comment
edited April 2021 in Security
Hi,

I'm running a IKEV2 VPN Server on my zyxel USG, client can access to 192.168.0.0 LAN, but i want them to use an adress with 192.168.100.X ... when i change the IP POOL in the IPSEC VPN settings and replace 192.168.0.220 - 192.168.0.230 by 192.168.100.220 - 192.168.100.220 my clients can't access local ressources ... 

Does someone know why ? 

THanks

Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hello Anthoshell,
    Did you add the new routing on CMD on PC?
    Here is example, "route add 192.168.1.0 mask 255.255.255.0 192.168.100.33"
    "route add (local policy) mask (subnet of local policy) (the IP address you get after VPN established)"
    the"192.168.1.0" is local policy ,and "mask 255.255.255.0" is local policy subnet. "192.168.100.33" is the IP address you get after VPN established.


    Since you replaced the IP Pool which will be assigned to clients, you need to add the new routing on CMD on PC again.
    Moreover, after configured, check can you ping USG's gateway IP address(default setting is 192.168.1.1 or 192.168.2.1)
    Also, Turn off the firewall of local server.
    Charlie

  • Anthoshell
    Anthoshell Posts: 13  Freshman Member
    First Anniversary Friend Collector First Comment
    Hello Charlie,
    Thanks
    Client is used by more than 200 people ... is there another way to manage that ? Routing settings in the USG ? 
  • Ian31
    Ian31 Posts: 166  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    If the client is Windows, the IKEv2 tunnel will be the high priority default route, by default.
    Why need manual to add the route ?

    You can use "route print" to show the routing table of windows.
    Post the routing table is help to identify what's the issue.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited January 2018
    Hello Anthoshell,
    I want to confirm that do you want to configure the ikev2 with split tunnel (the same as your previous thread)or just ikev2 vpn?
    If your request is Ikev2 with split tunnel, you need the add the new routing on CMD on PC as I mentioned. Check this FAQ as your reference.
    https://businessforum.zyxel.com/discussion/937/does-ikev2-support-for-split-tunnel/p1?new=1
    However, if you need the Ikev2 VPN only, please follow the steps from attachment.
    Charlie

Security Highlight