Help needed with Policy Route for VPN after configuring USG210 at HQ with a failover.
Hi,
I have a HQ with a Zyxel USG 210 and a branch office with a Zyxel USG 20W. I have a VPN tunnel configured between them and the VPN was working fine. I then configured a failover at HQ exactly as per these instructions: https://support.zyxel.eu/hc/en-us/articles/360001378653-How-to-setup-WAN-Failover
After which the failover at HQ works fine but the VPN from the branch office no longer works. I have narrowed the problem down to the new Policy Route for the failover because as soon as I disable this policy the VPN passes traffic again.
I would be grateful if someone could give me an idea of how to modify the Policy Route to account for the VPN as well as the failover.
Thanks
All Replies
-
Hi @elkrust,
Is the following the goal to achieve?
USG210(HQ) has 2 wan interfaces and USG20W(branch) has 1 wan interface.
And you'd like to make the VPN connection failover to wan2 once the wan1 connection is down.
Please share the topology and scenario with us if the scenario above is not the goal you'd like to achieve.
-
Thanks for replying.
Correct, USG210(HQ) has 2 wan interfaces and USG20W(branch) has 1 wan interface. I am not too fussed about maintaining the VPN connection if the WAN1 fails at HQ on the USG210. It is more important that HQ remains up once it drops back to WAN2.
My problem is that even when both interfaces are up at HQ and the failover configured via the Route Policy mentioned in the guide, the VPN connection breaks.
I hope this helps describe the problem further.
-
Hi @elkrust,
I'm not sure if you're using ZyWALL USG 20W or USG20W-VPN at the branch site.
Attached document is the configuration guide to setup VPN failover between USG210 and ZyWALL USG 20W.
If you're using USG20W-VPN at the branch site, you can also follow the steps in the FAQ topic and configure two VTI tunnels and a VTI trunk including two VTI interfaces.
FAQ: