USG intranet route

mz_ghost
mz_ghost Posts: 4
First Comment
edited April 2021 in Security
I had a USG60 and an Asus  IP sharing. both had a WAN ip,
there intranet are usg60: 192.168.1.0/23 and asus: 192.168.10.0/24
gateway is 192.168.1.1 and 192.168.10.254
I already use a cable connected their lan(usg60 was Lan1) port,
How should  I set on USG60 just can let usg60 .1.x can ping/connect to .10.x

Accepted Solution

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @mz_ghost  

    Here should be your scenario:

    USG60(LAN: 192.168.1.1/23)-------------(WAN: 192.168.1.X/23)ASUS(LAN: 192.168.10.0/24)

    You can add static route on USG60.

    Then destination address is 192.168.10.0/24 traffic will forward to ASUS router.

    Of course you have to make sure ASUS router has allowed the traffic.

  • but the ASUS lan had it's WAN out(from Asus Wan),
    I just would like let their two lan can connect each other
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    So your setup looks like this:


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @mz_ghost  

    Did you connect cable between USG60 LAN port and ASUS LAN port?

     

    Both of LAN port are belonging to different IP subnet, so it is impossible communicate with each other.

    If your ASUS router support to establish Net-to-Net VPN Server, then you may have a try it.

  • If I want my ASUS lan can connect to ZyXEL USG60 Lan,
    still just write static route 192.168.10.1  to gateway 192.168.1.1?
    If I need do some modify on USG60 to allow 192.168.10.x packet in?
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited December 2020
    So on port 3 of the USG60 don't connect it to the ASUS LAN.

    On port 4 zone to LAN2 of the USG60 setup a new network 192.168.10.1 255.255.255.0 (no DHCP) connect this port to the  ASUS LAN then in the  ASUS setup for static route put in 192.168.1.0 255.255.255.0 (in your case 255.255.254.0) gateway 192.168.10.1. This may work

    Then allow LAN1 to LAN2 and LAN2 to LAN1.


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @PeterUK

    As your suggestion may have IP overlap situation on ASUS route…..since WAN and LAN are belonging to same IP subnet.

    It may cause traffic unable send out successfully.

     

    @mz_ghost

    You can connect ASUS WAN interface to USG60 LAN port. Then ASUS WAN will have IP address as “192.168.1.X”.

    Then create static route on USG60:

    Destination: 192.168.10.0/24, NextHop: 192.168.1.X(ASUS WAN)

    Then traffic should be work.

  • Yes, since the ASUS ip sharing had two wan interface, It's a way.
    so USG and other device's LAN can't connect each other just use their LAN port and static route?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited January 2021

    Hi @mz_ghost

    Since those 2 LANs belong to different IP subnets.

    So the traffic can’t just communicate with each other directly unless there is another router routes the traffic between different subnets.

    Or you can connect the ASUS alternate WAN port to USG60’s LAN port

Security Highlight