Route VPN Subnet to remote Network
Options
Freshman Member
Hi everybody
I have a VPN100 device with an IKEv2 VPN connection according to this document:
http://onesecurity.zyxel.com/img/uploads/Next-Gen_IKEv2_VPN_Server_Role_CR.pdf
The VPN connection is working, I'm able to connect.
Because I don't want to route my internet traffic from the client through the VPN tunnel, I've disabled the option "Use default gateway on remote network" on the client IPV4 VPN setting.
Client is now able to surf in the internet, but he's unable to ping other devices in the remote network.
Remote Network (where the server and the VPN100 is located): 192.168.0.0/24
VPN Client Subnet on VPN100 is defined to 10.10.10.0/24.
When I connect VPN the client gets a valid address e.g. 10.10.10.3 (Mask 255.255.255.255).
But how to achieve now, that he's able to ping devices in 192.168.0.0 range?
When I add a local static route to the device, then it's working. But I don't want to do this manually. How can I tell the VPN connection (DHCP class based route?) that it should add this route?
Thank you for your help!
Veronesi
I have a VPN100 device with an IKEv2 VPN connection according to this document:
http://onesecurity.zyxel.com/img/uploads/Next-Gen_IKEv2_VPN_Server_Role_CR.pdf
The VPN connection is working, I'm able to connect.
Because I don't want to route my internet traffic from the client through the VPN tunnel, I've disabled the option "Use default gateway on remote network" on the client IPV4 VPN setting.
Client is now able to surf in the internet, but he's unable to ping other devices in the remote network.
Remote Network (where the server and the VPN100 is located): 192.168.0.0/24
VPN Client Subnet on VPN100 is defined to 10.10.10.0/24.
When I connect VPN the client gets a valid address e.g. 10.10.10.3 (Mask 255.255.255.255).
But how to achieve now, that he's able to ping devices in 192.168.0.0 range?
When I add a local static route to the device, then it's working. But I don't want to do this manually. How can I tell the VPN connection (DHCP class based route?) that it should add this route?
Thank you for your help!
Veronesi
0
Accepted Solution
-
Hi @Veronesi,In the current design, Windows native VPN interface can't separate Internet traffic from VPN tunnel.The only way to fulfill it is to create an additional routing on your PC.Here is the FAQ for your reference.5
Zyxel Employee
All Replies
-
Hi @Veronesi,In the current design, Windows native VPN interface can't separate Internet traffic from VPN tunnel.The only way to fulfill it is to create an additional routing on your PC.Here is the FAQ for your reference.5
-
@Zyxel_Emily
Thank you.
I now added a route with powershell:
E.g. Add-VpnConnectionRoute -ConnectionName "NameOfVPNConnection" -DestinationPrefix 192.168.0.0/24 -PassThru
Veronesi
0
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
