Routing L2TP for access other tunnels
All Replies
-
I have tried to configure it as you indicate and I am sorry to tell you that it does not work for me.
If I configure a rule in the firewall it doesn't work and by putting the remote access in the same subnet as in the site to site the site to site tunnel fails.
I don't know what to do with this anymore. Any other ideas to try?
0 -
Hi @alexpe,
Please give me the remote access of these two sites in private message. I'll remotely check the configuration and tell you how to configure on both sites.
0 -
You need site to site for both ends, so:

your office:
remote access server role 192.168.50.1-192.168.50.250
site to site local policy 172.26.0.x remote policy 192.168.0.x
site to site local policy 172.26.0.x remote policy 192.168.64.x
site to site local policy 172.26.0.x remote policy 192.168.69.x
site to site local policy 192.168.50.1-192.168.50.250 remote policy 192.168.0.x
site to site local policy 192.168.50.1-192.168.50.250 remote policy 192.168.64.x
site to site local policy 192.168.50.1-192.168.50.250 remote policy 192.168.69.x

site with 192.168.0.x:
site to site local policy 192.168.0.x remote policy 172.26.0.x
site to site local policy 192.168.0.x remote policy 192.168.64.x
site to site local policy 192.168.0.x remote policy 192.168.69.x
site to site local policy 192.168.0.x remote policy 192.168.50.1-192.168.50.250

site with 192.168.64.x:
site to site local policy 192.168.64.x remote policy 172.26.0.x
site to site local policy 192.168.64.x remote policy 192.168.0.x
site to site local policy 192.168.64.x remote policy 192.168.69.x
site to site local policy 192.168.64.x remote policy 192.168.50.1-192.168.50.250

site with 192.168.69.x:
site to site local policy 192.168.69.x remote policy 172.26.0.x
site to site local policy 192.168.69.x remote policy 192.168.64.x
site to site local policy 192.168.69.x remote policy 192.168.0.x
site to site local policy 192.168.69.x remote policy 192.168.50.1-192.168.50.250
0 -
Good afternoon Peter,
I do not understand what you tell me. In your comment yesterday you indicated that they were firewall rules, now local policies.
In my remote access configuration I only have a local policy option. I leave you a picture. I don't understand where I have to add all the local and remote policies that you mention.
0 -
I guess you can let Emily from Zyxel help you with remote access to your USGs.
0 -
Thanks Peter for your help. I'll wait for Emily's reply.
0 -
Hi @alexpe,
I just checked the configuration on both devices. Please modify the settings as follows.
Remote office - USG60
In policy route, select NP_RGH-AV2 as Next-Hop. Create a new address object 192.168.50.0/24 that is the L2TP VPN subnet on USG110.
My Office - USG110
In policy route rule 2, select NP_AV-CR2 as Next-Hop.
Rule 3 and 4 are unnecessary. You can turn off these two policy routes.
Besides, you don't need to create a new zone for L2TP VPN. Just keep it as the default zone setting IPSec_VPN.
Then you don't need security policy rule 1-3.
0 -
Hi Emily,
In the remote office USG-60 I have changed the configuration as you indicate.
My Office - USG110
After doing this configuration, I have lost the communication of the site to site tunnel from my office to the remote office. And because of the L2TP access I don't have communication either.
0