Vpn site to site with Usg 40
Freshman Member
Hi, I have a configuration with two locations correctly connected site to site with two zyxell usg 40. Everything works, both the subnet A sees the subnet B and vice versa. The only problem arises if I do not want to use the usg 40 as a navigation, if a machine does not have a gateway as the usg 40 is no longer reachable from the remote site. Can this be remedied?
0
Accepted Solution
-
Hi @User
Two solution,
1. The most easy solution (if you cannot change the configuration of Telecom router)
On PC Y, add static route to LAN A via Gateway B.
For example, if PC Y is Windows OS.
(1) Open MS-DOS windows (need to Run as Administrator)
(2) c:\> route add <LAN B network> mask <network mask> <gateway B IP> metric 1 -p
2. Both Gateway A & Gateway B need to configure route
(1) On Gateway A, add static route to LAN B via Gateway B.
And Gateway A need to allow triangle route.
(2) On Gateway B,
on GUI, go to Security policy > Policy Control page. Enable "Allow Asymmetrical Route" setting.1
Master Member
All Replies
-
Hi @User
If you removed one of USG40 from your scenario, you still can access to server behind NAT router by Port forwarding/ L2TP tunnel/ SSL VPN(SecuExtender)/IPSec VPN tunnel(IPSec VPN Client).
0 -
I not removed one of usg 40 (scuse me for bad English). The right answer is: it's possible (with a route or other method) used 2 gateway in one of Lan...? If usg 40 are in Lan, but if it's not a preferred gateway. In "xxx" pc is not a gateway; this pc is not "contactable from the remote network.0
-
This is my VPN site to site. It's ok for all pc/server in LAN A, but in LAN B is ok only with a pc have with gateway B (usg 40). I ask if exist a metod for contact from LAN A a pc in LAN B with have gateway A (Telecom Router with firewall and mpls). In picture ALL LAN A ping PC-X, but no ping PC-Y.
) 0 -
Hi @User
In your environment, PC X and PC Y should connecting with a switch, and PC X IP address is coming from GatewayB.
What's the IP address of PC Y? Does PC Y IP subnet has overlap to GatewayB?
Does switch is support for layer 3 routing?0 -
Hi @User
Two solution,
1. The most easy solution (if you cannot change the configuration of Telecom router)
On PC Y, add static route to LAN A via Gateway B.
For example, if PC Y is Windows OS.
(1) Open MS-DOS windows (need to Run as Administrator)
(2) c:\> route add <LAN B network> mask <network mask> <gateway B IP> metric 1 -p
2. Both Gateway A & Gateway B need to configure route
(1) On Gateway A, add static route to LAN B via Gateway B.
And Gateway A need to allow triangle route.
(2) On Gateway B,
on GUI, go to Security policy > Policy Control page. Enable "Allow Asymmetrical Route" setting.1 -
Tanks guys, the 1) solution of lan31, works.
Stanley LAN A (remote) is configured with 192.168.xx.0/24 , lan B (local) is configured with 10.200.xx.0/24. Only one subnet for LAN (REMOTE and LOCAL).
With routing most pc works. Only one server not work, but must to check in this server policy and rules for read a permission (server domain with service).RESOLVED...
In this server are 3 ethernet interface, i add route for all interface now. IT WORKS.
Tanks LAN31! Very very thanks0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
