VPN client and NAT server
Hello, I have a problem: I can't configure a USG40 for smart home working. I have a USG40 with a public IP which is connected to a DNS server (2 internal network cards), WAN side 192.168.250.xx, and the clients nested in LAN 192.168.200.xx. I would like to join the domain with a home PC, then open the VPN and get the same IP address released. I should state that I tried a similar configuration with a DNS server that was not NATted and joined the domain without problems. Am I doing something wrong on the NAT server?
All Replies
-
Welcome to the Zyxel community.
Is this your topology below?
Does the IPSec VPN client need to join the AD domain and get an IP address in the same subnet as 192.168.200.X?
1 -
Yes, this is the topology ...
But how can I configure it?
Thanks
0 -
I managed to create the IPSec VPN tunnel, but I only reach the server on the WAN side and I don't see the clients on the network, and therefore I can't log in to the domain.
0 -
You can try an L2TP over IPSec tunnel for this purpose.
Here is the user guide on how to set up L2TP VPN.
Here is the FAQ on how to configure AD users to authenticate in the L2TP scenario:
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=013417&lang=EN
1 -
Is there another way to join the domain without configuring the AD user? To make things easier, maybe even by changing the server configuration behind the Zyxel?
0 -
Hi @antonellobellisario ,
If, in the AD server, each user is assigned to a group,
then in the USG settings you just need to add one ext-group user to the rule.
For example:
There are three site groups: HQ, Branch1 and Branch2. These sites belong to the "Company" group.
There are five users under each site (HQ - Jack, Tom; Branch1 - John, Marry; Branch2 - Jessica).
In this scenario, we only have to add one ext-group user on the USG, that is, the group "Company".
If there is no "Company" group, then you need to add three ext-group users in this scenario:
the HQ group, the Branch1 group and the Branch2 group.
If there is no "Company" group and no "Sites" groups, then you need to add five ext-group users.
To make the settings on the USG easier, the users need to be well organized into groups on the AD server.
1 -
OK! I got it. I have the "bellisario" domain on the AD server, with an "utenti di segreteria" group and all users in that group. In this scenario, I must add one ext-group user on the USG, that is, the group "utenti di segreteria". Is that correct?
0 -
Yes, if all users are in the group on the AD server, then you just need to add one ext-group user on the USG.
5 -
I can't make a VPN connection with the server :(
0 -
The questions and problems users share here are valuable to us, and sharing experience can also help other people when deploying their devices. Sometimes you can even get experienced feedback from experts in different fields. So we can just leave our discussions in the forum thread.
If you have any personal information to share with us, feel free to share it in a private message directly.
1