IPSec VPN. How to create connection with multiple local and remote networks

Options
bk1
bk1 Posts: 5 image  Freshman Member
First Comment Friend Collector
in Security
Hello. 
I Try configure IPSec with remote office. In connection settings I can add only 1 local and 1 remote network.
What should I do, if I have 3 networks:
10.80.6.0/24
10.80.10.0/24
10.80.12.0/24

Remote office has more networks:
10.88.12.0/24
10.76.0.0/16
10.10...
and etc.




Accepted Solution

All Replies

  • bk1
    bk1 Posts: 5 image  Freshman Member
    First Comment Friend Collector
    edited November 2022
    @mMontana
    Yes, It is work, but it is really uncomfortable. I should to create 31+ VPN Connections.
    Maybe there is another option?
  • mMontana
    mMontana Posts: 1,447 image  Guru Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 50 Answers 1000 Comments
    edited November 2022
    Command line interface.
    If this arrangement sucks for you, sucks for me too, but it's the way that Zyxel request for making it work.
    I know there's a limit of tunnels (gateways) dependent from the device model, i don't know if there's a limit for subnets/connection/tunnel on the same gateway.
  • bk1
    bk1 Posts: 5 image  Freshman Member
    First Comment Friend Collector
    @mMontana
    Thank you very much for answer
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,568 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @bk1.
    You also can add policy route for site to site VPN multiple subnet routing.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,568 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @mMontana,
    Thanks for the example. ;)
    In site 1, add policy route for subnet 172.31.128.0/24 routing.
    src = 192.168.199.0/24
    dst= 172.31.128.0/24
    next hop = Site to Site VPN tunnel

    In site 2, add policy route for subnet 192.168.199.0/24 routing.
    src = 172.31.128.0/24
    dst= 192.168.199.0/24
    next hop = Site to Site VPN tunnel

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)