Site-to-Site Force Tunnel
All Replies
-
Routing. And firewall/policy rules.
0 -
Hi @KITNIT,
Here’s an example setup for this environment;
In USG60’s configurations you need to add following policy routes;
(Configuration > Network > Routing > Policy Route)
1- With the source address of 10.10.10.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
2- Any traffic to 20.20.20.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
3- Any traffic from 20.20.20.0/24 will be forwarded to SYSTEM_DEFAUL_WAN_TRUNK
You will also need to add a Security Policy rule;
(Configuration > Security Policy > Policy Control)
Allow the traffic that comes from IPSec_VPN.
In USG40’s configurations you need to add following policy routes;
(Configuration > Network > Routing > Policy Route)
1- With the source address of 20.20.20.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
2- Any traffic to 10.10.10.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
3- Any traffic from 10.10.10.0/24 will be forwarded to SYSTEM_DEFAULT_WAN_TRUNK
You will also need to add a Security Policy rule;
(Configuration > Security Policy > Policy Control)
0 -
I have to make such a site-site VPN, my question is, shouldn't the routings be added exactly the reciproc way around? …what is in USG40 to USG60 and vica-versa?
f I understand correctly, this is necessary in case of the two sites, only one site can "go to the internet"?0
Guru Member
Zyxel Employee
Freshman Member
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 359 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
