VPN Site to Site and LAN2

mlik
mlik Posts: 25  Freshman Member
Hello,

I have a problem with the USG20-VPN configuration with firmware V5.10 (ABAQ.0). I created a VPN Site to Site between points - it was working fine. I had to reconfigure the network in one of the locations and extract some hardware to LAN2. I reconfigured the local and remote rules in the VPN configuration. The connection works, but only one way.

I read that I need to add a Policy Route and I did it, but I see no improvement. What else do I have to do?

All Replies

  • mlik
    mlik Posts: 25  Freshman Member
    edited October 2021
    Now that I thought about it, I'm more interested in creating a Site-to-site tunneled connection to LAN 2 VPN. VPN currently works between LAN1-LAN1 networks.

    If I create a VPN Site to Site connection between LAN1 (192.168.1.0) and LAN2 (192.168.2.0), the connection will work, but only one way: from step 2 to 1.




    EDIT:
    I scanned the network and the VPN seems to work both ways. From point 1 to 2, the network sees addresses starting with 30, e.g. 192.168.1.30. I don't understand this because the rules on both sides are set well and for the entire subnet: 192.168.1.0/24.



  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Hi @milk,
    Please check whether the POINT 2 LAN2 subnet is 192.168.2.0/24. By default, it's 192.168.2.0/24 in USG20VPN. If POINT 2 has a subnet that overlaps with the peer POINT 1 VPN subnet, traffic would not be routed back to POINT 1; it will go to the local main route table.
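
The overlap check suggested in the reply above, as an added example that is not part of the original thread and not Zyxel's code. The interface names, the sample subnets other than the 192.168.2.0/24 LAN2 default, and the "directly connected subnet wins over the tunnel" routing model are simplifying assumptions.

```python
import ipaddress

# Constructed sample data. Only the 192.168.2.0/24 LAN2 default comes from
# the thread; the other subnets and the interface names are assumptions.
POINT2_BEFORE = {"lan1": "192.168.50.0/24", "lan2": "192.168.2.0/24"}
POINT2_AFTER = {"lan1": "192.168.50.0/24", "lan2": "192.168.60.0/24"}
TUNNEL_REMOTE = "192.168.2.0/24"  # subnet POINT 2 expects behind POINT 1


def overlapping_interfaces(local_ifaces, tunnel_remote):
    """Names of local interfaces whose subnet overlaps the tunnel's remote subnet."""
    remote = ipaddress.ip_network(tunnel_remote)
    return sorted(
        name for name, cidr in local_ifaces.items()
        if ipaddress.ip_network(cidr).overlaps(remote)
    )


def reply_path(dst_ip, local_ifaces, tunnel_remote):
    """Simplified model of the return path chosen for a reply packet.

    Assumption: a directly connected subnet is matched before the VPN
    policy, so an overlapping local interface keeps the reply on-site.
    """
    dst = ipaddress.ip_address(dst_ip)
    for name, cidr in sorted(local_ifaces.items()):
        if dst in ipaddress.ip_network(cidr):
            return f"local:{name}"
    if dst in ipaddress.ip_network(tunnel_remote):
        return "tunnel"
    return "default-route"


if __name__ == "__main__":
    for label, ifaces in (("before", POINT2_BEFORE), ("after", POINT2_AFTER)):
        print(label,
              "overlaps:", overlapping_interfaces(ifaces, TUNNEL_REMOTE),
              "reply to 192.168.2.30 via:",
              reply_path("192.168.2.30", ifaces, TUNNEL_REMOTE))
```

With the overlapping LAN2 in place the reply stays on the local interface, which matches the one-way behaviour described in the thread; once LAN2 is readdressed the same reply goes into the tunnel.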

  • mlik
    mlik Posts: 25  Freshman Member
    edited October 2021
    The client had 2 network adapters in the computer and there were 2 active connections. Routing problem. Removing the gateway from one connection resolved the problem. Thank you for your answer. I also followed your advice and disabled the LAN2 interface in POINT2 and changed its default address.
