USG220 and policy routes to S2S VPN tunnel
Hi!
I have a strange case. I need to use RADIUS server for L2TP authentication but RADIUS is in a cloud environment and communication to it is going through the S2S VPN tunnel. S2S use VTI with IP eg. 169.254.222.222. Radius' IP is 10.111.111.111, and my LAN pool is 192.168.0.0/16. Communication from LAN to the cloud environment works perfect, but when Zywall sending packages L2TP authentication is using VTI interface and source IP is 169.254.222.222, and cloud environment cannot route those packages. So I need to force Zywall to use LAN1 as a source when it is sending packages to Radius.
I did a lot of testing routing policies but communication never started working. Do you have some ideas how to achieve it?
0
All Replies
-
Hi Wojtas,
may SNAT is a solution for that?
https://support.zyxel.eu/hc/en-us/articles/360001378633-How-to-setup-SNAT-in-a-VPN-tunnel
it´s just an idea, I didn´t test it due to your use-case is not that standard.
Otherwise I still think Radius Cloud Server should acceppt USG network and a routing back to it.
Kind Regards,
Tobias0 -
No, when I have VPN configuration binded to VPN tunnel interface (vti0) I can't use SNAT in VPN configuration. I tried to use Polisy Route but when I selected the incoming ZyWALL then I couldn't set up SNAT.
0 -
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight