Routing of several subnets through one VPN channel with Lancom and Zyxel
All Replies
-
Hmm, from your video, you're using a very old firewall unit.
At least on the new USGFLEX/ATP you can set a policy route: 192.168.0.0/24 next-hop VPN tunnel.
But I'm not sure if it is supported on the oldest USG.
I would suggest upgrading your units for security or maintenance concerns.
0 -
I got it running finally! On the LANCOM side I configured 0.0.0.0/0 as remote network and the routes for the three networks to the tunnel. On the Zyxel side I just configured 0.0.0.0/0 as local policy. I did not configure any policy routes. There are just two static routes for the two special networks to the third router. I expected that the "normal" traffic from location B goes through the tunnel as well without special policy routes. But the "normal" traffic goes directly to the Internet in both locations as desired.
How can that be? Does the LANCOM propagate its routing table to the Zyxel?
0 -
What's your remote policy on the Zyxel side?
0 -
192.168.0.0/24 which is the subnet of location A. OK, I got it.
Thanks to all for the discussion, especially to PeterUK for his idea to use 0.0.0.0/0.
There is just one thing. The establishment of the connection looks like this in the LANCOM log:
2023-11-28 00:54:27 LOCAL0 Fehler last message repeated 2 times
2023-11-28 00:54:07 LOCAL0 Fehler VPN: Error for peer VPN_2_USG: IPSEC-I-No-proposal-matched
2023-11-28 00:54:04 AUTH Hinweis Successfully connected to peer VPN_2_USG
2023-11-28 00:54:02 LOCAL0 Fehler VPN: Error for peer VPN_2_USG: IPSEC-I-No-proposal-matched
I have no clue where the 4 errors come from. This is reproducible, but it works anyway. As far as I can see, there is an equal configuration on both sides. I use IKEv1 with PSK because this Zyxel does not support IKEv2. On the Zyxel side I can't see any errors.
1
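Added example, not written by any poster in this thread: a small Python model of why only site-to-site traffic enters the tunnel with the selectors described above. The Zyxel policies (local 0.0.0.0/0, remote 192.168.0.0/24) come from the thread; the three location B prefixes, the sample hosts and the function names are constructed assumptions, and the matching logic is generic policy-based/route-based IPsec selection, not vendor code.

```python
import ipaddress

# Zyxel side (location B), values from the thread.
ZYXEL_LOCAL = ipaddress.ip_network("0.0.0.0/0")
ZYXEL_REMOTE = ipaddress.ip_network("192.168.0.0/24")  # subnet of location A

# LANCOM side (location A): remote network 0.0.0.0/0 plus routes for three
# networks into the tunnel. These prefixes are constructed placeholders;
# the thread does not list them.
LANCOM_REMOTE = ipaddress.ip_network("0.0.0.0/0")
LANCOM_TUNNEL_ROUTES = [
    ipaddress.ip_network(n)
    for n in ("10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24")
]


def zyxel_uses_tunnel(src: str, dst: str) -> bool:
    """Policy-based selection: source AND destination must match the policy."""
    return (ipaddress.ip_address(src) in ZYXEL_LOCAL
            and ipaddress.ip_address(dst) in ZYXEL_REMOTE)


def lancom_uses_tunnel(dst: str) -> bool:
    """Route-based selection: a tunnel route must exist for the destination;
    the 0.0.0.0/0 remote network only widens what the SA will accept."""
    addr = ipaddress.ip_address(dst)
    routed = any(addr in net for net in LANCOM_TUNNEL_ROUTES)
    return routed and addr in LANCOM_REMOTE


def unencrypted_flows(flows):
    """Return the (src, dst) pairs leaving location B outside the tunnel."""
    return [(s, d) for s, d in flows if not zyxel_uses_tunnel(s, d)]


if __name__ == "__main__":
    # Constructed sample flows originating at location B.
    sample = [
        ("10.10.1.20", "192.168.0.10"),   # B LAN -> location A
        ("10.10.2.15", "192.168.0.10"),   # network behind third router -> A
        ("10.10.1.20", "203.0.113.7"),    # B LAN -> Internet
    ]
    for src, dst in sample:
        path = "tunnel" if zyxel_uses_tunnel(src, dst) else "direct"
        print(f"{src} -> {dst}: {path}")
    print("LANCOM to 10.10.3.5:", lancom_uses_tunnel("10.10.3.5"))
    print("LANCOM to 203.0.113.7:", lancom_uses_tunnel("203.0.113.7"))
```

Running the same check over the real prefixes of both sites shows which flows are expected to leave unencrypted, which is worth confirming against the firewall rules on each WAN interface.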