ZyWall 110 VPN Client Setup

Costas
Costas Posts: 9
edited April 2021 in Security

First of all I'm new to VPN setups. I found the IKEv2 VPN client to site doc and tried to follow the steps.

My situation, the router is on 192.168.0.0/21 and clients can be (likely to be) in that range. Router is not the DHCP server for local subnet. Tried to set LAN2 to something like 192.168.48.0/24 and enabled DHCP with starting range of 192.168.48.50.

Connected with Windows VPN client, shows connected but gets an address of 192.168.48.3 with a subnet of 255.255.255.255 and no gateway so I'm definitely doing something wrong.

I need to have the VPN client connect to the router and I only need to connect to one device on the office network so any connection to forward to single address on local network, i.e. 192.168.1.115.

Any help pointing me in the right direction is appreciated.

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee

    Hi @Costas

    Can you draw the topology of your environment for us?

  • Ian31
    Ian31 Posts: 165  Master Member

    What's your VPN client?

  • Costas
    Costas Posts: 9

    @Zyxel_Jerry

    Something along these lines. Local being the office and Remote being a user from home or outside of the office. I found another article referencing SNAT but haven't had a chance to look further into it. I thought setting LAN2 to a different subnet with DHCP would do it but as I stated it only provided the client with an IP, not in the pool I designated (although not a big deal), but didn't assign a gateway and masked it at 255.255.255.255.

    To also answer the other member, using the built-in Windows 7 VPN client.

  • Ian31
    Ian31 Posts: 165  Master Member

    Hi @Costas,

    It's a PPP interface after the IKEv2 dial-up on Windows.

    So the interface gets an IP with a /32 netmask and no gateway.

    And the route to the remote subnet is added.

    You can use the "route print" command on Windows to show the routing table.

    There is a route entry to your local subnet bound to the PPP interface.
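
Added example, not part of the thread: a Python sketch that reads rows in the column layout `route print` shows and reports which interface would carry traffic to a given address, using longest-prefix match and then lowest metric. The routing table, the home-LAN address 192.168.1.20 and the function names are constructed for illustration; only 192.168.48.3, 192.168.0.0/21 and 192.168.1.115 come from the posts above.

```python
import ipaddress

# Constructed sample rows (Network Destination, Netmask, Gateway, Interface, Metric).
# Assumes a remote user whose home LAN is 192.168.1.0/24, overlapping the office /21.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.20     25
      192.168.0.0    255.255.248.0          On-link    192.168.48.3     26
      192.168.1.0    255.255.255.0          On-link    192.168.1.20    281
     192.168.48.3  255.255.255.255          On-link    192.168.48.3    281
"""

VPN_IFACE = "192.168.48.3"  # address the PPP interface received in the thread


def parse_routes(text):
    """Return route dicts for every line that looks like an IPv4 route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header or unrelated line
        dest, mask, gateway, iface, metric = cols
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            metric = int(metric)
        except ValueError:
            continue  # not a route row
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": metric})
    return routes


def select_route(routes, dest):
    """Pick the most specific matching route; ties go to the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def uses_vpn(routes, dest, vpn_iface=VPN_IFACE):
    """True when traffic to dest would leave through the PPP (VPN) interface."""
    route = select_route(routes, dest)
    return route is not None and route["iface"] == vpn_iface


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTE_PRINT)
    for target in ("192.168.1.115", "192.168.2.10"):
        r = select_route(table, target)
        print(f"{target} -> {r['net']} on interface {r['iface']}")
```

With this constructed table, 192.168.1.115 matches the home LAN's /24 before the /21 bound to the PPP interface, so it never enters the tunnel, while 192.168.2.10 does.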
