IPSec VTI VPN access device in overlapping subnet
@Zyxel_Joshua thank you! Same config as mine, so I have to enable the "Policy Route overwrite Direct Route" option. What about Rule #1 in my screenshot? It must forward all traffic from wan1 Site B to USG Flex from Site A? Is it safe with the "Policy Route overwrite Direct Route" option?
Thanks!
Best,
baba
0 -
Shouldn't the next hop in Rule #3 be 10.70.70.2 instead of 10.70.70.20?
0 -
If the destination is directly connected to 10.70.70.20.
Why do you need to route to 10.70.70.2 at the cost of another hop?
0 -
Could you explain more about the requirement and use case of rule #1 wan1 to …
0 -
@Zyxel_Joshua rule #1 routes all incoming WAN traffic from the right USG to the left USG. With this rule I want to ensure that the left USG is also reachable from the public IP of the right USG.
0 -
"Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the ZyWALL. A better solution is to use IP alias to put the ZyWALL and the backup gateway on separate subnets."
Found this in the documentation. This means all WAN traffic now goes to LAN without NAT and Security Policy Routes? What about the IP alias solution, would it work? Thanks!
0 -
10.70.70.20 has 10.70.70.2 as its default gateway. If the 10.70.70.2 hop is skipped when coming from 10.50.0.0/16, then 10.70.70.20 cannot answer, or am I wrong?
0 -
"Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the ZyWALL."
This is a wrong statement.
The security policy still checks and blocks traffic that is not allowed, if there is a policy that does not allow WAN to LAN.
1 -
If the next-hop of rule #3 (of my comments) is 10.70.70.2, you get 4 steps for a round trip.
If the next-hop of rule #3 (of my comments) is 10.70.70.20, you get 3 steps for a round trip.
So setting the next-hop to 10.70.70.20 costs one less hop (network latency) than setting it to 10.70.70.2.
1 -
@Zyxel_Joshua thank you for the detailed explanation! If you have any idea about the wan route then you have made me happy!
Thanks!
0