Routing 192.168.x.x/24 via VPN Client
Options
Dear friends!
In the company I use a USG Flex 100.
The network: 192.168.20.0/24
Our employees connect to the office from home (ISP network (home router):192.168.0.0/24) using Zywall IPsec VPN Client.
Opening the tunnel works perfectly but I don't get any traffic with the office.
Ask for help and ideas!
In the company I use a USG Flex 100.
The network: 192.168.20.0/24
Our employees connect to the office from home (ISP network (home router):192.168.0.0/24) using Zywall IPsec VPN Client.
Opening the tunnel works perfectly but I don't get any traffic with the office.
Ask for help and ideas!
Win10 routing table (created by Zywall
IPsec VPN Client): attached
0
Accepted Solution
-
Hello @mbsouth,As @zyman2008 suggested, the Remote VPN IP address Pool should not overlap with the LAN network(192.168.20.1), please change the IP pool to other than 192.168.20.0/24, thank you.James0
All Replies
-
mbsouth,
If you offer VPN client an IP address from 192.168.20.0/24.
Then the return route will be treat as local direct route by USG. And the traffic won't go back to the VPN client.
You need to change the IP Pool for VPN client to another subnet other than 192.168.20.0/24.
1 -
Hello @mbsouth,As @zyman2008 suggested, the Remote VPN IP address Pool should not overlap with the LAN network(192.168.20.1), please change the IP pool to other than 192.168.20.0/24, thank you.James0
-
@zyman2008
@Zyxel_JamesThank you very much for your help!
I changed the IP pool to other range and it works perfect!
Thx!
0 -
@zyman2008,thank you for your feedback. For my setup I used this guide:
https://mysupport.zyxel.com/hc/en-us/articles/360016087819--ZyWALL-USG-How-to-configure-a-Client-to-Site-VPN-connection-and-use-VPN-Provisioning-on-Zyxel-IPSec-VPN-ClientHow/where should I change the client addresses?
0 -
mbsouth said:@zyman2008,thank you for your feedback. For my setup I used this guide:
https://mysupport.zyxel.com/hc/en-us/articles/360016087819--ZyWALL-USG-How-to-configure-a-Client-to-Site-VPN-connection-and-use-VPN-Provisioning-on-Zyxel-IPSec-VPN-ClientHow/where should I change the client addresses?
There're two IPSec VPN solution that can offer IP address from VPN server to VPN client,
1. IKEv1
https://mysupport.zyxel.com/hc/en-us/articles/360007956899--ZyWALL-USG-How-to-set-up-a-Client-to-Site-VPN-Mode-Config-DHCP-connection-using-IKEv1
2. IKEv2
https://community.zyxel.com/en/discussion/12522/remote-access-vpn-wizard-for-secuextender-ipsec-and-non-secuextender-ipsec-vpn-clients
0 -
Hi @mbsouth
Moreover, as zyman2008 mentioned that if you follow our guide to use the wizard to create IPSec VPN connection, you can go to Configuration > VPN > IPsec VPN > VPN Connection > RemoteAccess_Wiz double clicks to check the IP pool range:
Then you can enter Configuration > Object > Address/Geo IP > Address > RemoteAccess_Wiz_CLIENT to modify the IP pool range.
Thanks.
0
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 87 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 916 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 420 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight