Routing 192.168.x.x/24 via VPN Client
Dear friends!
In the company I use a USG Flex 100.
The network: 192.168.20.0/24
Our employees connect to the office from home (ISP network (home router):192.168.0.0/24) using Zywall IPsec VPN Client.
Opening the tunnel works perfectly but I don't get any traffic with the office.
Ask for help and ideas!
In the company I use a USG Flex 100.
The network: 192.168.20.0/24
Our employees connect to the office from home (ISP network (home router):192.168.0.0/24) using Zywall IPsec VPN Client.
Opening the tunnel works perfectly but I don't get any traffic with the office.
Ask for help and ideas!
Win10 routing table (created by Zywall
IPsec VPN Client): attached
0
Accepted Solution
-
Hello @mbsouth,As @zyman2008 suggested, the Remote VPN IP address Pool should not overlap with the LAN network(192.168.20.1), please change the IP pool to other than 192.168.20.0/24, thank you.James0
Zyxel Employee
All Replies
-
mbsouth,
If you offer VPN client an IP address from 192.168.20.0/24.
Then the return route will be treat as local direct route by USG. And the traffic won't go back to the VPN client.
You need to change the IP Pool for VPN client to another subnet other than 192.168.20.0/24.
1 -
Hello @mbsouth,As @zyman2008 suggested, the Remote VPN IP address Pool should not overlap with the LAN network(192.168.20.1), please change the IP pool to other than 192.168.20.0/24, thank you.James0
-
@zyman2008
@Zyxel_JamesThank you very much for your help!
I changed the IP pool to other range and it works perfect!
Thx!
0 -
@zyman2008,thank you for your feedback. For my setup I used this guide:
https://mysupport.zyxel.com/hc/en-us/articles/360016087819--ZyWALL-USG-How-to-configure-a-Client-to-Site-VPN-connection-and-use-VPN-Provisioning-on-Zyxel-IPSec-VPN-ClientHow/where should I change the client addresses?
0 -
I think the guide is a bit outdated. And it's for the case client need to manual configure static IP.mbsouth said:@zyman2008,thank you for your feedback. For my setup I used this guide:
https://mysupport.zyxel.com/hc/en-us/articles/360016087819--ZyWALL-USG-How-to-configure-a-Client-to-Site-VPN-connection-and-use-VPN-Provisioning-on-Zyxel-IPSec-VPN-ClientHow/where should I change the client addresses?
There're two IPSec VPN solution that can offer IP address from VPN server to VPN client,
1. IKEv1
https://mysupport.zyxel.com/hc/en-us/articles/360007956899--ZyWALL-USG-How-to-set-up-a-Client-to-Site-VPN-Mode-Config-DHCP-connection-using-IKEv1
2. IKEv2
https://community.zyxel.com/en/discussion/12522/remote-access-vpn-wizard-for-secuextender-ipsec-and-non-secuextender-ipsec-vpn-clients
0 -
Hi @mbsouth
Moreover, as zyman2008 mentioned that if you follow our guide to use the wizard to create IPSec VPN connection, you can go to Configuration > VPN > IPsec VPN > VPN Connection > RemoteAccess_Wiz double clicks to check the IP pool range:
Then you can enter Configuration > Object > Address/Geo IP > Address > RemoteAccess_Wiz_CLIENT to modify the IP pool range.
Thanks.
See how you've made an impact in Zyxel Community this year!
0
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
