Route VPN Subnet to remote Network
Freshman Member
Hi everybody
I have a VPN100 device with an IKEv2 VPN connection according to this document:
http://onesecurity.zyxel.com/img/uploads/Next-Gen_IKEv2_VPN_Server_Role_CR.pdf
The VPN connection is working, I'm able to connect.
Because I don't want to route my internet traffic from the client through the VPN tunnel, I've disabled the option "Use default gateway on remote network" on the client IPV4 VPN setting.
Client is now able to surf in the internet, but he's unable to ping other devices in the remote network.
Remote Network (where the server and the VPN100 is located): 192.168.0.0/24
VPN Client Subnet on VPN100 is defined to 10.10.10.0/24.
When I connect VPN the client gets a valid address e.g. 10.10.10.3 (Mask 255.255.255.255).
But how to achieve now, that he's able to ping devices in 192.168.0.0 range?
When I add a local static route to the device, then it's working. But I don't want to do this manually. How can I tell the VPN connection (DHCP class based route?) that it should add this route?
Thank you for your help!
Veronesi
I have a VPN100 device with an IKEv2 VPN connection according to this document:
http://onesecurity.zyxel.com/img/uploads/Next-Gen_IKEv2_VPN_Server_Role_CR.pdf
The VPN connection is working, I'm able to connect.
Because I don't want to route my internet traffic from the client through the VPN tunnel, I've disabled the option "Use default gateway on remote network" on the client IPV4 VPN setting.
Client is now able to surf in the internet, but he's unable to ping other devices in the remote network.
Remote Network (where the server and the VPN100 is located): 192.168.0.0/24
VPN Client Subnet on VPN100 is defined to 10.10.10.0/24.
When I connect VPN the client gets a valid address e.g. 10.10.10.3 (Mask 255.255.255.255).
But how to achieve now, that he's able to ping devices in 192.168.0.0 range?
When I add a local static route to the device, then it's working. But I don't want to do this manually. How can I tell the VPN connection (DHCP class based route?) that it should add this route?
Thank you for your help!
Veronesi
0
Accepted Solution
-
Hi @Veronesi,In the current design, Windows native VPN interface can't separate Internet traffic from VPN tunnel.The only way to fulfill it is to create an additional routing on your PC.Here is the FAQ for your reference.5
Zyxel Employee
All Replies
-
Hi @Veronesi,In the current design, Windows native VPN interface can't separate Internet traffic from VPN tunnel.The only way to fulfill it is to create an additional routing on your PC.Here is the FAQ for your reference.5
-
@Zyxel_Emily
Thank you.
I now added a route with powershell:
E.g. Add-VpnConnectionRoute -ConnectionName "NameOfVPNConnection" -DestinationPrefix 192.168.0.0/24 -PassThru
Veronesi
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
