IPSec tunnel VLAN to VLAN
All Replies
-
Each USG60 VLAN subnet must not be the same and might you try site to site?
0 -
PeterUK said:
Each USG60 VLAN subnet must not be the same and might you try site to site?
The VLANs are different (192.168.81.0 and 192.168.82.0). I tried site to site, but it only works for regular interfaces, not if you want to transfer only the VLAN.
0 -
Site to site works with VLANs

site A with 192.168.81.0/24
  local policy 192.168.81.0/24
  remote policy 192.168.82.0/24
  routing rule
    incoming interface
      member the VLAN
    destination 192.168.82.0/24
    next hop
      type VPN Tunnel
      VPN tunnel the zone for the tunnel

site B with 192.168.82.0/24
  local policy 192.168.82.0/24
  remote policy 192.168.81.0/24
  routing rule
    incoming interface
      member the VLAN
    destination 192.168.81.0/24
    next hop
      type VPN Tunnel
      VPN tunnel the zone for the tunnel

firewall rules:
  from WAN to Zywall protocol 50, UDP 500, 1701 and 4500

One side will need port forwarding for protocol 50, UDP 500, 1701 and 4500 the other side nailed up.
0 -
@nielsscheldeman what firmware version are you working with on your device?
You may capture packets on the VTI interface to monitor the traffic status.
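The site A / site B layout given in the thread can be sanity-checked offline before it is typed into either USG60. The following is an added example, not part of any post and not Zyxel code: the dictionary field names (`vlan`, `local`, `remote`, `route_dst`) are hypothetical labels for the VLAN subnet, the local and remote policy, and the routing rule destination, and the broken variant is constructed.

```python
import ipaddress

def _nets(site):
    # Parse every CIDR string of one site into an ip_network object.
    return {k: ipaddress.ip_network(v) for k, v in site.items()}

def check_pair(site_a, site_b):
    """Return a list of inconsistencies between two site-to-site configs."""
    a, b = _nets(site_a), _nets(site_b)
    problems = []
    # The two VLAN subnets must differ, otherwise neither side can route to the other.
    if a["vlan"].overlaps(b["vlan"]):
        problems.append("VLAN subnets overlap")
    for name, here, there in (("A", a, b), ("B", b, a)):
        # The local policy has to cover the VLAN that should use the tunnel.
        if not here["vlan"].subnet_of(here["local"]):
            problems.append(f"site {name}: local policy does not cover the VLAN")
        # Local policy on one side must be the remote policy on the other.
        if here["local"] != there["remote"]:
            problems.append(f"site {name}: local policy is not the peer's remote policy")
        # The routing rule must send only traffic the remote policy accepts.
        if not here["route_dst"].subnet_of(here["remote"]):
            problems.append(f"site {name}: route destination outside remote policy")
    return problems

# Values taken from the thread.
SITE_A = {"vlan": "192.168.81.0/24", "local": "192.168.81.0/24",
          "remote": "192.168.82.0/24", "route_dst": "192.168.82.0/24"}
SITE_B = {"vlan": "192.168.82.0/24", "local": "192.168.82.0/24",
          "remote": "192.168.81.0/24", "route_dst": "192.168.81.0/24"}
# Constructed broken variant: site B reuses site A's VLAN subnet.
SAME_SUBNET_B = dict(SITE_B, vlan="192.168.81.0/24", local="192.168.81.0/24")

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B))         # consistent pair
    print(check_pair(SITE_A, SAME_SUBNET_B))  # overlapping VLANs
```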