USG220 and policy routes to S2S VPN tunnel
Freshman Member
Hi!
I have a strange case. I need to use RADIUS server for L2TP authentication but RADIUS is in a cloud environment and communication to it is going through the S2S VPN tunnel. S2S use VTI with IP eg. 169.254.222.222. Radius' IP is 10.111.111.111, and my LAN pool is 192.168.0.0/16. Communication from LAN to the cloud environment works perfect, but when Zywall sending packages L2TP authentication is using VTI interface and source IP is 169.254.222.222, and cloud environment cannot route those packages. So I need to force Zywall to use LAN1 as a source when it is sending packages to Radius.
I did a lot of testing routing policies but communication never started working. Do you have some ideas how to achieve it?
0
All Replies
-
Hi Wojtas,
may SNAT is a solution for that?
https://support.zyxel.eu/hc/en-us/articles/360001378633-How-to-setup-SNAT-in-a-VPN-tunnel
it´s just an idea, I didn´t test it due to your use-case is not that standard.
Otherwise I still think Radius Cloud Server should acceppt USG network and a routing back to it.
Kind Regards,
Tobias0 -
No, when I have VPN configuration binded to VPN tunnel interface (vti0) I can't use SNAT in VPN configuration. I tried to use Polisy Route but when I selected the incoming ZyWALL then I couldn't set up SNAT.
0 -
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
