VPN routing

Ajay
Ajay Posts: 5

Hi Team,

How do I ensure all my route users can browse around my server successfully? They can connect but not see the server, which is on IP address 192.168.16.2. I have a USG60.

All Replies

  • Zyxel_James
    Zyxel_James Posts: 626  Zyxel Employee
    edited April 2023
    Hello @Ajay,
    Could you provide your topology of the network?
    Is 192.168.16.2 in the local policy of your VPN tunnel?
    You can enable the log option for the policy rules and check if there is any blocked log when the users connect to the server.

    James

  • Ajay
    Ajay Posts: 5

    Good Morning James,

    Thanks for the advice. I have not adjusted the policy control; if I have, I am not sure how I did it. How do I enable the log to capture this?

  • Zyxel_James
    Zyxel_James Posts: 626  Zyxel Employee
    Answer ✓

    If this is your scenario:

    USG60_A:
    LAN1: 192.168.11.0/24
    Local Policy 192.168.11.0/24
    Remote Policy 192.168.12.0/24

    USG_B
    LAN1 192.168.12.0/24
    LAN2 192.168.16.0/24 (server is 192.168.16.2)
    Local Policy 192.168.12.0/24
    Remote Policy 192.168.11.0/24

    Please add a policy route for routing the traffic to the server:

    For USG60_A:
    Add a policy route
    source address: 192.168.11.0/24
    destination address: 192.168.16.2
    next-hop: VPN tunnel

    For USG60_B:
    Add a policy route
    source address: 192.168.16.2
    destination address: 192.168.1.11/24
    next-hop: VPN tunnel
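
A way to check both directions of the client-to-server flow against the tunnel policies and policy routes in the answer above; this is an added example, not part of the original post and not Zyxel code. The matching model, the client address 192.168.11.10 and the names `Gateway`, `check_flow` and `scenarios` are assumptions; the return-route destination is evaluated as typed in the answer (192.168.1.11/24) and, for comparison, as USG60_A's LAN1 subnet.

```python
import ipaddress as ip

def net(text):
    # strict=False lets a host-style entry such as "192.168.1.11/24" parse as its network
    return ip.ip_network(text, strict=False)

class Gateway:
    """Simplified model (assumption): traffic enters the tunnel when a policy route
    with next-hop 'VPN tunnel' matches, or when the tunnel's local/remote policy
    covers both source and destination."""
    def __init__(self, local_policy, remote_policy, policy_routes=()):
        self.local, self.remote = net(local_policy), net(remote_policy)
        self.routes = [(net(s), net(d)) for s, d in policy_routes]

    def tunnel_match(self, src, dst):
        s, d = ip.ip_address(src), ip.ip_address(dst)
        if any(s in rs and d in rd for rs, rd in self.routes):
            return "policy route"
        if s in self.local and d in self.remote:
            return "tunnel policy"
        return None  # not sent into the tunnel by this gateway

def check_flow(client_gw, server_gw, client, server):
    """Both directions must match, otherwise replies never reach the client."""
    return {"forward": client_gw.tunnel_match(client, server),
            "return": server_gw.tunnel_match(server, client)}

CLIENT, SERVER = "192.168.11.10", "192.168.16.2"  # client address is constructed
A_ROUTE = [("192.168.11.0/24", SERVER)]           # USG60_A policy route from the answer

def scenarios():
    policies_a = ("192.168.11.0/24", "192.168.12.0/24")  # USG60_A local / remote policy
    policies_b = ("192.168.12.0/24", "192.168.11.0/24")  # USG_B local / remote policy
    cases = {
        "no policy routes": ((), ()),
        "routes as typed in the answer": (A_ROUTE, [(SERVER, "192.168.1.11/24")]),
        "return route to USG60_A LAN1": (A_ROUTE, [(SERVER, "192.168.11.0/24")]),
    }
    return {name: check_flow(Gateway(*policies_a, ra), Gateway(*policies_b, rb),
                             CLIENT, SERVER)
            for name, (ra, rb) in cases.items()}

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

A `None` in either direction means that gateway does not send the packet into the tunnel under this model, which is also where the policy-rule logs mentioned earlier in the thread are worth checking.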
