VPN Connection Between two USG60s Behind an ISP Modem

MisterWrinklyMisterWrinkly Member Posts: 3
edited January 30, 2020 10:43AM in ZyWALL USG Series

Hi, I have a different situation that I haven't ran into in the past and am wondering if someone can help me out.

I want to do a VPN connection with two USG60s so that Site A and Site B can access the same file server that is hosted on Site A. The problem I'm running into is that Site A's USG60 needs to be connected behind a Google Fiber network box due to a system that needs to be segregated off of the USG60 so the USG60 has a Lan address 192.168.2.x instead of a WAN address. Site B's USG60 can be connected right into the WAN and pulls a public IP. I've attached a diagram that may explain my situation better.



My initial thought was to have Site A establish the connection to Site B in a host/client setup, but I am not sure how to do that. I've only set up zyxel equipment in a Point to Point connection with two WAN addresses outlined here: https://businessforum.zyxel.com/discussion/551/an-example-of-site-to-site-vpn

All Replies

  • BlabababaBlabababa Member Posts: 113  Ally Member

    Who is the DHCP Server in your scenario (Site A)? Will Site A USG60 do NAT when Site A clients traffic passing through the Site A USG60? Because the Google Network Box LAN and the USG60 LAN both are using 192.168.2.x which looks a little bit confusing.

  • MisterWrinklyMisterWrinkly Member Posts: 3
    edited January 30, 2020 10:42AM

    My apologies, I see I made a couple mistakes in the diagram, here it is again with a couple edits.

    The google network box is the DHCP server providing an IP address to the USG60 and the USG60 in turn is providing addresses to the clients connected to it in this scenario.


    Thank you for the reply

  • dejmal69dejmal69 Member Posts: 16  Freshman Member

    Hello,

    If is an one site public address on usg wan, setting is the same. Use setting site to site between two public wan as Gateways. Nailed up option enable on site behind the google router, or on both.

  • Interesting, would Site A's local policy be the google network box's 192.168.2.0 or the USG60's 192.168.1.0?

  • dejmal69dejmal69 Member Posts: 16  Freshman Member

    Hello,


    policies are internal subnets of USGs. Local is local USG LAN, remote policy is LAN remote USG. Google network box subnet is not use in VPN settings.

Sign In to comment.