LAN 1 - LAN2 : USG Flex 200
Hi
This is my first time using a Zyxel FW appliance and I need a little assistance.
I have two physical LANs in the office, LAN1 - 192.168.0.0/24 (P4) and LAN2 - 10.85.221.160/28 (P5), and I need them to talk to each other.
No DHCP on either port (LAN1 managed by in-house domain controller, LAN2 no DHCP)
LAN1(P4) => office network switch
LAN2(P5) => 3rd party Cisco router w/4 active switch ports (gateway for LAN2)
I am able to ping from the USG appliance to all (ping-able) devices on either LAN but I am unable to ping/access anything from one LAN to another.
I have set up FW rules to allow traffic flow both ways but I have had no luck. Policies below:
LAN1 - LAN2 - any - any - any - any - allow
LAN2 - LAN1 - any - any - any - any - allow
Is there something I am missing? I have used SonicWALL and Sophos appliances before and this is how I would normally have achieved my desired goal. I am not using VLANs
Any help would be appreciated and I am happy to provide additional info if needed.
Leon
All Replies
It could be related to routing settings.
What's the gateway address of clients on LAN1 and LAN2?
zyman2008, thanks for your quick input.
LAN1 gw is the USG - 192.168.0.1
LAN2 gw is the Cisco router - 10.85.221.161
USG is connected to the Cisco with IP 10.85.221.162. Both networks can ping this interface but traffic is not going any further.
Should the Cisco be configured with a route to the 192.168.0.0/24 network? Could I set up NAT/Masquerading on this LAN2 port? Getting any assistance from the 3rd party who manage the Cisco router is tricky at the best of times...
zyman2008 said: It could be related to routing settings.
What's the gateway address of clients on LAN1 and LAN2?
Well,
The best practice is routing between the USG FLEX and the Cisco router without any NAT/Masquerading.
If you can add a static route entry 192.168.0.0/24, next-hop: 10.85.221.162,
and enable "Allow Asymmetric Route" on the Security Policy > Policy Control page,
then you don't need to add the policy route on the USG FLEX for NAT/Masquerading the LAN1 client.
But in case it's not easy to set up the Cisco router in time,
your current setup is a workaround for LAN1 to LAN2.
But what you lose is LAN2 access to all LAN1 services.
You can only set NAT port forwarding for LAN2 to access a specific service in LAN1 via IP address 10.85.221.162.
For example,
10.85.221.162:8080 maps to 192.168.0.10:80
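The return-path reasoning in the answer above, as a small Python model (an added illustration, not part of the thread and not Zyxel or Cisco code). The addresses come from the thread; the LAN1 client 192.168.0.50, the hop labels, and the assumption that the Cisco sends LAN1-bound traffic out its own default route when it has no static route are constructed for the example.

```python
import ipaddress as ip

# Addresses from the thread; the LAN1 client .50 used below is a constructed sample.
LAN1 = ip.ip_network("192.168.0.0/24")
LAN2 = ip.ip_network("10.85.221.160/28")
USG_LAN2 = ip.ip_address("10.85.221.162")   # USG interface on LAN2 (P5)
CISCO_GW = ip.ip_address("10.85.221.161")   # default gateway of LAN2 hosts
PORT_FORWARDS = {(USG_LAN2, 8080): (ip.ip_address("192.168.0.10"), 80)}

def path_from_lan2(dst, cisco_has_route=False):
    """Hops a packet from a LAN2 host takes towards dst; last label is where it ends.

    Model assumption: without a 192.168.0.0/24 route the Cisco forwards the
    packet out its own default route, so it never reaches the USG ("lost").
    """
    dst = ip.ip_address(dst)
    hops = ["lan2-host"]
    if dst in LAN2:
        # On-link: the host ARPs for dst and delivers directly, no gateway.
        hops.append("usg" if dst == USG_LAN2 else "lan2-peer")
        return hops
    hops.append("cisco")                    # off-link: goes to 10.85.221.161
    if dst in LAN1 and cisco_has_route:
        hops += ["usg", "lan1"]             # static route via 10.85.221.162
    else:
        hops.append("lost")
    return hops

def reply_path(client, usg_snat=False, cisco_has_route=False):
    """Return path of a reply to a LAN1 client that contacted a LAN2 host."""
    if usg_snat:
        # The LAN2 host saw 10.85.221.162 as source; the USG un-NATs the reply.
        return path_from_lan2(USG_LAN2) + ["lan1"]
    return path_from_lan2(client, cisco_has_route)

def lan2_reaches(dst, port, cisco_has_route=False):
    """LAN1 (ip, port) a LAN2 host ends up at when connecting to dst:port, else None."""
    dst = ip.ip_address(dst)
    hops = path_from_lan2(dst, cisco_has_route)
    if hops[-1] == "usg":
        return PORT_FORWARDS.get((dst, port))   # only forwarded ports get through
    return (dst, port) if hops[-1] == "lan1" else None

if __name__ == "__main__":
    print("no route, no NAT :", reply_path("192.168.0.50"))
    print("static route     :", reply_path("192.168.0.50", cisco_has_route=True))
    print("SNAT workaround  :", reply_path("192.168.0.50", usg_snat=True))
    print("LAN2 -> .10:80   :", lan2_reaches("192.168.0.10", 80))
    print("LAN2 -> fwd:8080 :", lan2_reaches("10.85.221.162", 8080))
```

With the static route, the request goes USG to host directly while the reply detours through the Cisco, so the two directions take different paths; the answer pairs that fix with "Allow Asymmetric Route".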