Zyxel Zywall USG 300. 3 static IP addresses on one interface

link000
link000 Posts: 39  Freshman Member
First Comment Friend Collector Fifth Anniversary

Good afternoon. Help is needed. There is a Zyxel Zywall USG 300 gateway. A cable (twisted pair) from the provider comes to the ge7 port. There are 3 static IP addresses on the cable. On ge7 2 VLANs are raised. So we have ge7=..110.75, VLAN1=..93.188, VLAN2=..110.27. There is a client with the address ..93.125 from the same provider. We access the Internet through IP ..110.75. But, tracing (or ping) to the client address ..93.125 from any computer or server from the internal network "turns" to VLAN1=..93.188. Neither static routing nor routing policies help. How can I make pings and tracing go from the internal local network through ge7=..110.75 to the external network (Internet) and reach the client address ..93.125 without "wrapping up" to VLAN1=..93.188 ? ??

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    VLAN1 with

    .93.188

    should only have to ARP to .93.125 if they are in the same subnet?

  • link000
    link000 Posts: 39  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Yes, it would be nice.

  • jasailafan
    jasailafan Posts: 193  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary

    How about adding a policy route?
    Incoming: zywall
    Destination: ..93.125
    Next hop: ge7=..110.75

  • link000
    link000 Posts: 39  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Thank you. Tried. Does not help.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Can you draw a layout of what you want done of the network?

  • link000
    link000 Posts: 39  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Thank you. Tried. Does not help.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited April 2023

    So you *.*93.188 is based on port ge7 as VLAN1? So if you disable VLAN1 it should work?

    But whats the problem with PC SNAT out *.*93.188 to go to *.*.93.125 ?

    But if you need to go from *.*.110.75 in routing Advance check “Use IPv4 Policy Route to Overwrite Direct Route” with a routing rule to Destination *.*.93.125 SNAT out *.*110.75

  • link000
    link000 Posts: 39  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    jasailafan, PeterUK, thanks for the answers! There is a blocking from the provider! I'm trying to resolve the issue.

Security Highlight