VPN Connection Between two USG60s Behind an ISP Modem

MisterWrinkly
MisterWrinkly Posts: 3  Freshman Member
edited April 2021 in Security

Hi, I have a different situation that I haven't run into in the past and am wondering if someone can help me out.

I want to do a VPN connection with two USG60s so that Site A and Site B can access the same file server that is hosted on Site A. The problem I'm running into is that Site A's USG60 needs to be connected behind a Google Fiber network box due to a system that needs to be segregated off of the USG60, so the USG60 has a LAN address 192.168.2.x instead of a WAN address. Site B's USG60 can be connected right into the WAN and pulls a public IP. I've attached a diagram that may explain my situation better.



My initial thought was to have Site A establish the connection to Site B in a host/client setup, but I am not sure how to do that. I've only set up Zyxel equipment in a point-to-point connection with two WAN addresses, as outlined here: https://businessforum.zyxel.com/discussion/551/an-example-of-site-to-site-vpn

All Replies

  • Blabababa
    Blabababa Posts: 151  Master Member

    Who is the DHCP server in your scenario (Site A)? Will the Site A USG60 do NAT when Site A clients' traffic passes through the Site A USG60? Because the Google Network Box LAN and the USG60 LAN are both using 192.168.2.x, which looks a little bit confusing.

  • MisterWrinkly
    MisterWrinkly Posts: 3  Freshman Member
    edited January 2020

    My apologies, I see I made a couple of mistakes in the diagram; here it is again with a couple of edits.

    The Google network box is the DHCP server providing an IP address to the USG60, and the USG60 in turn is providing addresses to the clients connected to it in this scenario.


    Thank you for the reply

  • dejmal69
    dejmal69 Posts: 16  Freshman Member

    Hello,

    If one site has a public address on the USG WAN, the setting is the same. Use the site-to-site setting, as between two public WANs as gateways. Enable the Nailed-Up option on the site behind the Google router, or on both.

  • MisterWrinkly
    MisterWrinkly Posts: 3  Freshman Member

    Interesting, would Site A's local policy be the Google network box's 192.168.2.0 or the USG60's 192.168.1.0?

  • dejmal69
    dejmal69 Posts: 16  Freshman Member

    Hello,


    Policies are the internal subnets of the USGs. Local is the local USG LAN; remote policy is the remote USG LAN. The Google network box subnet is not used in the VPN settings.
