Route to second net via VPN
Zyxelswede
Posts: 4 
Freshman Member
Freshman Member
I have a VPN tunnel between USG110 (LAN A:192.168.0.0/24) and USG210 (LAN B:192.168.1.0/24).
On LAN B there is a gateway 192.168.1.63 to LAN C:192.168.98.0.0/24.
How do I configure USG110 and USG210 so that a user on LAN A can reach computers on LAN C?
On LAN B there is a gateway 192.168.1.63 to LAN C:192.168.98.0.0/24.
How do I configure USG110 and USG210 so that a user on LAN A can reach computers on LAN C?
0
Comments
-
If the IP address space is overlap.
You need to use another address space mapping to the original one.
The settings is kind of complex.
So the easy way is to change LAN A to another address space if possible.
0 -
Hi @Zyxelswede
Welcome to Zyxel community.
As Your scenario should able to realize by policy route.
On USG110.
You can add a policy route for destination is 192.168.98.0/24, and NextHop is VPN tunnel which established with USG210.
On USG210.
(1) Create a rule for destination is 192.168.98.0/24. And NextHop is gateway IP 192.168.1.63.
(2) Create a rule for destination is USG110 subnet 192.168.0.0/24. And NextHop is VPN tunnel which established with USG110.
0 -
Thanks @Zyxel_Stanley,I have tried a similar solution earlier without results.It will not work even if I follow your instructions.Do I need to set up any Policy Controls too?Is there any way to get a log about the tracie to see where the communication may stop.0
-
Hi @Zyxelswede
As I know if you would like to route the traffic to other network behind USG, then both of VPN setting must be "Site to Site" VPN.
If one of site is using "Site to Site with Dynamic Peer". then policy route will unable route traffic into VPN tunnel.0 -
Hi @CHS
The VPN is Site to Site.0 -
Hi @ZyxelswedeYou can login to USG210, and make sure if the packets has forwarded to VPN tunnel.(1) Login to your USG210 by SSH. And Enter this command: Router> packet-trace interface lan1 ip-proto icmp(2) Send the ICMP packets to 192.168.98.X from PC which behind USG110.
If there is no reply from 192.168.98.X, then you can check routing setting on your gateway.And make sure firewall setting on you gateway and PC.0 -
Thanks @Zyxel_Stanley!
Strangest thing, tried to ping now and the ping went trough.
The route is working just fine now
Don't know why it didn't work before.
Thanks again for all help!0
Master Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight
