USG20-VPN WITH NAT AND VIRTUAL IP

Max_Tor
Max_Tor Posts: 8
edited April 14 in Security
Hello!
I have a USG20-VPN factory restored, and ready to be configured!
I need to install it in a already built network (192.168.1.0/24) because I have some devices that I want to reach with SSL VPN.
I try to explain what I think to do:
  • assign virtual IP to the USG
  • NAT that IP to the real IP (internal network of the USG, for example LAN1)
  • create rule to let user connect from the primary network to that IP
  • configure VPN SSL to reach internal IP of the USG (with NAT rule from the primary modem)
I'm trying to do all of these things but without success... could you help me?
I attach an image to explain the situation:

Accepted Solution

  • Zyxel_Can
    Zyxel_Can Posts: 239  Zyxel Employee
    Accepted Answer

    Hi @Max_Tor,

     

    Can you please configure as following;

    1- Change WAN and LAN IPs;


    2 - Configure NAT;


    3-  Allow from WAN to Clients (Configuration > Security Policy > Policy Control)



    4- Configure SSL VPN Settings;


    Best regards.

All Replies

  • PeterUK
    PeterUK Posts: 914  Guru Member

    If your modem router at 192.168.1.1 can do static route there is another way without double NAT.


  • Max_Tor
    Max_Tor Posts: 8
    Thank you @Zyxel_Can!

    Everythings are clear!

    @PeterUK: yes there is a modem router and I have access to it. What do you mean with another waY?

    Thanks

  • PeterUK
    PeterUK Posts: 914  Guru Member

    Instead of SNAT 192.168.0.31 from 192.168.1.30 or with virtual IP's you static route on the modem router at 192.168.1.1 for 192.168.0.0/24 to 192.168.1.30 you then make a routing rule with Use IPv4 Policy Route to Overwrite Direct Route checked to go from incoming LAN1 to next hop gateway 192.168.1.1


  • Max_Tor
    Max_Tor Posts: 8
    Ok, @PeterUK! Thanks for your advice!
    Everything to learn is useful for me!
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!