Need help - how to - basic settings first

Bilouwanadoofr
Bilouwanadoofr Posts: 6
First Comment Friend Collector
edited April 2021 in Security
Hi everyone,

First, I wish you all my best whishes for end of year and new one coming :)


I would need basic help to set the below config with a Zywall 310.

I have 2 Asus DSL routers.
IP:   .1.253   and    .1.254
Currently, a dual wan loadbalancer Draytek Vigor 2920n (with IP .1.1) that I would like to replace with the Zywall.

All this current hardware is most for home use and friendly to access, clear interface, easy settings.

But, it's a pain to setup the Zywall.

Could you please help me to configure the basics settings?
I mean, step by step, how can I replace my current Draytek with this Zywall?

Many thanks for your help,
regards
«1

Comments

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @Bilouwanadoofr  

    If you would like to setup loadbalance on WAN interface.

    You can setup both of WAN IP addressed on ge1 and ge2 first.

    (Configuration > Network > Interface > Ethernet)


     And then create a customize load balance for ge1 and ge2.

    (Configuration > Network > Interface > Trunk)


  • Thanks for your reply.
    However, I have issues to setup the basic.

    For example, I can ping 8.8.8.8 from my ge2 interface (which is one of my DSL routers)
    But, I can't ping 8.8.8.8 from ge3 interface (which is my default LAN interface in IP .1.1)

    Could you please let me know if I set correctly the interface?
    Interface type > General ? Internal ? External ?
    Zone > LAN ? WAN ?



    Thanks in advance for your help,

    LoadBalance will be next step, when I will be at least able to have internet working with one line.

    Best regards,

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 2021

    I have 2 Asus DSL routers.
    IP:   .1.253   and    .1.254
    Subnet 255.255.255.0?

    Are you not able to put these in modem mode to pass the WAN IP's? do these routers have static route option?

    For a quick double NAT test for the Zywall 310 ge1 IP 192.168.1.251 gateway.1.253 and ge2 IP 192.168.1.252 gateway.1.254 need to be External and zone WAN.

    incoming interface
    member LAN
    next hop
    type Interface
    Interface ge1
    Source network network address translation outgoing-interface

    incoming interface
    member LAN
    next hop
    type Interface
    Interface ge2
    Source network network address translation outgoing-interface

    Your LAN zone needs to be out of 192.168.1.0 so 192.168.2.0/255.255.255.0

    If you can do static route on the Asus DSL routers then add to each:
    192.168.2.0
    255.255.255.0
    Gateway IP the IP of ge1 IP 192.168.1.251 and ge2 192.168.1.252

    Than you can make a routing rule:
    incoming interface
    member LAN
    next hop
    type gateway
    gateway IP 
    .1.253
    Source network network address translation none

    incoming interface
    member LAN
    next hop
    type gateway
    gateway IP .1.254
    Source network network address translation none  


    EDIT: to do static route on the Asus DSL routers gateway 192.168.254.254/24 and 192.168.255.254/24 

    Do static route on the Asus DSL routers then add to each:
    192.168.1.0
    255.255.255.0
    Gateway IP the IP of ge1 IP 192.168.254.253 and ge2 192.168.255.253

    Than you can make a routing rule:
    incoming interface
    member LAN
    next hop
    type gateway
    gateway IP 192.168.254.254
    Source network network address translation none

    incoming interface
    member LAN
    next hop
    type gateway
    gateway IP 192.168.255.254
    Source network network address translation none  

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @Bilouwanadoofr  

    You may try to change ge2 interface type as “external”.

    Then internet traffic will able auto route traffic to internet.

  • Hi Guys,

    Thanks for your replies.

    @PeterUK > Why different range?
    Currently, with my Draytek, all is on /24  192.168.1.x
    Is it not possible to do the same with a Zywall?

    @Zyxel_Stanley > tried the change you suggested, set the ge2 interface as "external" but still not able to ping 8.8.8.8 from ge3.
    What about ge3 ? Internal or General? And all interfaces (ge2, ge3) in the same zone? currently Lan.
    Security Policies are disabled until I have something working (I will activate them later).

    I suppose I did something wrong or not the correct way.

    Thanks in advance for your future replies !!! :-)
  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 2021

    @PeterUK > Why different range?

    ge3 (needs to be Internal) on the USG needs to be a different so you can do the static route setup on the  Asus DSL routers unless you do double NAT which is not the best way to do it which you likely did do with the Draytek. 

    Having ge1,ge2 and ge3 all be 192.168.1.x may or may not work its best to have ge3 with 192.168.2.x

    Doing double NAT with the Asus DSL routers with both doing 192.168.1.x is also not good and the static route setup may not work if possible use for a gateway 192.168.254.254/24 and 192.168.255.254/24 
  • This means I have to readdress all my network devices into 192.168.2.x also ? :(
  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Ok how about changing the Asus DSL routers network for gateway 192.168.254.254/24 and 192.168.255.254/24

    This way ge3 on the USG can be 192.168.1.x


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @Bilouwanadoofr

    In the default setting, ge3 interface type is internal and IP address is 192.168.1.1/24. 

    If you ping 8.8.8.8 by Interface. Then system will use “Interface IP” to Internet.  [ping 8.8.8.8 interface ge3 ]

    Since ge3 IP address is private address, and that’s why it is reply “Destination Host Unreachable” to you.


    You may explain more detail of your scenario, then we will much understand what you need.

  • Hi Guys,

    @PeterUK > your suggestion seems more realistic :)

    @Zyxel_Stanley > for more details, here is what I currently have and what I would like to to.

    For now, I have 2 DSL lines
    I have 2 ASUS DSL routers.
    One is (internal IP) > 192.168.1.253
    The second is (internal IP) > 192.168.1.254

    Then, I have a Draytek Router which is a loadbalancer dual wan.
    Because not yet optical fiber connected, 2 DSL line is more comfortable than one.

    So, on the Draytek, there are 2 WAN ports configured as follow:
    192.168.1.251 > Gateway 192.168.1.253 (first DSL router)
    192.168.1.252 > Gateway 192.168.1.254 (second DSL router)

    This Draytek is currently 192.168.1.1 and is my gateway for all my devices.


    I would like, if possible, replace this Draytek by the Zyxel.
    And still if possible, keep same IP (I would be surprised if not possible) :)

    Please let me know if you need more details I forget maybe?

    Thanks a ton and have a good day !!!
    Cheers

Security Highlight