VPN routing

Ajay

Hi Team,

How do I ensure all my route users can browse around my server successfully? They can connect but not see the server, which is on IP address 192.168.16.2. I have a USG60.

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Answer ✓

    If it's your scenario

    USG60_A:
    LAN1: 192.168.11.0/24
    Local Policy 192.168.11.0/24
    Remote Policy 192.168.12.0/24

    USG_B
    LAN1 192.168.12.0/24
    LAN2 192.168.16.0/24 (server is 192.168.16.2)
    Local Policy 192.168.12.0/24
    Remote Policy 192.168.11.0/24

    Please add policy route for routing the traffic to the server

    For USG60_A:
    Add a policy route
    source address: 192.168.11.0/24
    destination address: 192.168.16.2
    next-hop: VPN tunnel

    For USG60_B
    Add a policy route
    source address: 192.168.16.2
    destination address: 192.168.1.11/24
    next-hop: VPN tunnel
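
Added example (not part of the original thread and not Zyxel code): a small Python check of which flows each gateway would send into the tunnel, using the subnets and policy routes from the scenario above. It models address matching only, not the USG's security policies or CLI; the `B_LAN1_A` route is an assumption that sets the return destination to site A's LAN1 subnet.

```python
import ipaddress

def net(cidr):
    # strict=False masks off host bits, so "192.168.1.11/24" becomes 192.168.1.0/24.
    return ipaddress.ip_network(cidr, strict=False)

def matches(src_sel, dst_sel, src, dst):
    """True if the flow src -> dst falls inside the (src_sel, dst_sel) pair."""
    return net(src).subnet_of(net(src_sel)) and net(dst).subnet_of(net(dst_sel))

def reaches_tunnel(gw, src, dst):
    """A gateway sends src -> dst into the tunnel if the tunnel's
    local/remote policy or one of its policy routes matches the flow."""
    if matches(gw["local"], gw["remote"], src, dst):
        return True
    return any(matches(r["src"], r["dst"], src, dst) for r in gw["routes"])

def check_path(gw_a, gw_b, clients, server):
    """Both directions must reach the tunnel for a session to complete."""
    return {"forward": reaches_tunnel(gw_a, clients, server),
            "return": reaches_tunnel(gw_b, server, clients)}

# Values taken from the thread's scenario.
CLIENTS, SERVER = "192.168.11.0/24", "192.168.16.2"
A = {"local": "192.168.11.0/24", "remote": "192.168.12.0/24", "routes": []}
B = {"local": "192.168.12.0/24", "remote": "192.168.11.0/24", "routes": []}
A_ROUTED = dict(A, routes=[{"src": "192.168.11.0/24", "dst": "192.168.16.2"}])
B_AS_POSTED = dict(B, routes=[{"src": "192.168.16.2", "dst": "192.168.1.11/24"}])
# Assumption: return destination set to site A's LAN1 subnet.
B_LAN1_A = dict(B, routes=[{"src": "192.168.16.2", "dst": "192.168.11.0/24"}])

if __name__ == "__main__":
    cases = [("tunnel policy only", A, B),
             ("routes as posted", A_ROUTED, B_AS_POSTED),
             ("return route to LAN1 of site A", A_ROUTED, B_LAN1_A)]
    for label, gw_a, gw_b in cases:
        print(f"{label}: {check_path(gw_a, gw_b, CLIENTS, SERVER)}")
```

Keeping the policy-route destination at the single server address, rather than all of 192.168.16.0/24, limits what the remote LAN can reach through the tunnel.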

All Replies

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    edited April 2023


    Hello @Ajay,
    Could you provide your topology of the network?
    Is 192.168.16.2 in the local policy of your VPN tunnel?
    You can enable the log option for the policy rules and check if there is any blocked log when the users connect to the server.

    James

  • Ajay

    Good Morning James,

    Thanks for the advice. I have not adjusted the policy control; if I have, I am not sure how I did it. How do I enable the log to capture this?
