Max_Tor Posts: 8
edited April 14 in Security
I have a USG20-VPN factory restored, and ready to be configured!
I need to install it in an already built network (because I have some devices that I want to reach with SSL VPN).
I'll try to explain what I plan to do:
  • assign virtual IP to the USG
  • NAT that IP to the real IP (internal network of the USG, for example LAN1)
  • create rule to let user connect from the primary network to that IP
  • configure VPN SSL to reach internal IP of the USG (with NAT rule from the primary modem)
I'm trying to do all of these things but without success... could you help me?
I attach an image to explain the situation:

Accepted Solution

  • Zyxel_Can
    Zyxel_Can Posts: 227  Zyxel Employee
    Accepted Answer

    Hi @Max_Tor,


    Can you please configure as follows:

    1 - Change WAN and LAN IPs

    2 - Configure NAT

    3 - Allow from WAN to Clients (Configuration > Security Policy > Policy Control)

    4 - Configure SSL VPN Settings

    Best regards.

All Replies

  • PeterUK
    PeterUK Posts: 912  Guru Member

    If your modem router at can do static route there is another way without double NAT.

  • Max_Tor
    Max_Tor Posts: 8
    Thank you @Zyxel_Can!

    Everything is clear!

    @PeterUK: yes, there is a modem router and I have access to it. What do you mean by another way?


  • PeterUK
    PeterUK Posts: 912  Guru Member

    Instead of SNAT from or with virtual IPs, you static route on the modem router at for to you, then make a routing rule with "Use IPv4 Policy Route to Overwrite Direct Route" checked to go from incoming LAN1 to next hop gateway.

  • Max_Tor
    Max_Tor Posts: 8
    Ok, @PeterUK! Thanks for your advice!
    Everything to learn is useful for me!