Static Route between two Zyxel Routers

cmanley Posts: 14  Freshman Member

I have a Zyxel USG Flex 700 that I use for my office network

I have a Zyxel ATP 800 that I use to manage my remote switches in the field

Both of these routers are mounted in the same rack. Right now, I have a VPN configured so that I can access my management network of the 800 from the internal office network of the 700.

However, since these two routers are side by side I would like to just use an ethernet cable between two of the LAN ports on each router to accomplish this rather than using a VPN since they are side by side.

The reason for using a Policy Route or Static Route, I am not sure which is best to use, is because we have VPNs configured from our home routers to access our internal office network on the Zyxel 700 router, so we can log in to office equipment remotely, but this does not also allow me to access the management network of the 800 router.

What is the best way to go about doing this? Say I want to create a static route for networks to connect from router to router on LAN port 10 of each router. So just run an ethernet cable from port 10 of router 700 to port 10 of router 800.

I do know configuring a static route takes only a few settings and a policy route takes more configuration, so which is best for what I am wanting to accomplish?

Here are some of my main questions because I am ignorant on the subject completely:

What router do I set the static route on to make it work? Or do I set it on both? Or set the static route on one router and then set policy control rules on the other to allow the static route to work?

All Replies

  • zyman2008
    zyman2008 Posts: 202  Master Member

    Hi @cmanley,

    If you want to control that only the LAN of the FLEX 700 can route to the LAN of the ATP800, then a policy route is better than a static route.

    You need to add a policy route on both the FLEX 700 and the ATP800:

    1. On FLEX 700, add policy route: source: LAN of FLEX 700, destination: LAN of ATP800, next-hop: IP address of port 10 of ATP800
    2. On ATP800, add policy route: source: LAN of ATP800, destination: LAN of FLEX 700, next-hop: IP address of port 10 of FLEX 700

    And add a policy control rule on the FLEX 700, to allow LAN of FLEX 700 to LAN of ATP800:

    source: LAN of FLEX 700, destination: LAN of ATP800, action: allow

  • PeterUK
    PeterUK Posts: 2,815  Guru Member
    edited February 1

    Yes, a static route is not what you use for this; there are many ways you can go about doing this.

    USG Flex 700 Port 10 internal 192.168.255.1/30 Zone Link_to_ATP_800

    Zyxel ATP 800 Port 10 internal 192.168.255.2/30 Zone Link_to_Flex_700

    You can then access the ATP 800 from the Flex 700 on 192.168.255.2 with a policy rule from Link_to_Flex_700 to Zywall.

    Then if the Flex 700 has a LAN1 192.168.0.0/24 and the ATP 800 a LAN1 192.168.1.0/24, you can add a route rule on the Flex 700:

    incoming: LAN1
    destination: 192.168.1.0/24
    next hop gateway: 192.168.255.2
    SNAT: none

    and do the same in reverse for ATP 800 and policy rules.
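
An added example, not part of any reply in this thread: a Python check of the addressing plan from the replies above (the /30 link, the two LAN subnets, and one policy route per router). The dictionary layout, the router labels and `check_plan` are assumptions made for illustration and are not Zyxel configuration syntax; the model assumes exactly two routers.

```python
import ipaddress as ip

# Constructed plan, using the example addresses from the reply above.
LINK = ip.ip_network("192.168.255.0/30")
ROUTERS = {
    "flex700": {"link_ip": "192.168.255.1", "lan": "192.168.0.0/24"},
    "atp800": {"link_ip": "192.168.255.2", "lan": "192.168.1.0/24"},
}
# Each policy route: (router, source subnet, destination subnet, next hop).
ROUTES = [
    ("flex700", "192.168.0.0/24", "192.168.1.0/24", "192.168.255.2"),
    ("atp800", "192.168.1.0/24", "192.168.0.0/24", "192.168.255.1"),
]

def check_plan(link, routers, routes):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    lan = {n: ip.ip_network(r["lan"]) for n, r in routers.items()}
    link_ip = {n: ip.ip_address(r["link_ip"]) for n, r in routers.items()}
    for name, addr in link_ip.items():
        if addr not in list(link.hosts()):
            problems.append(f"{name}: {addr} is not a usable host in {link}")
    nets = list(lan.items()) + [("link", link)]
    for i, (a, net_a) in enumerate(nets):
        for b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    parsed = [(r, ip.ip_network(s), ip.ip_network(d), ip.ip_address(h))
              for r, s, d, h in routes]
    for router, src, dst, hop in parsed:
        peer = next(n for n in routers if n != router)
        if not src.subnet_of(lan[router]):
            problems.append(f"{router}: source {src} is wider than the local LAN")
        if not dst.subnet_of(lan[peer]):
            problems.append(f"{router}: destination {dst} is outside {peer}'s LAN")
        if hop != link_ip[peer]:
            problems.append(f"{router}: next hop {hop} is not {peer}'s link address")
        # Replies need a route on the peer that matches the reversed flow.
        if not any(r == peer and s.supernet_of(dst) and d.supernet_of(src)
                   for r, s, d, _ in parsed):
            problems.append(f"{router}: no return route on {peer} for {src} -> {dst}")
    return problems

if __name__ == "__main__":
    print(check_plan(LINK, ROUTERS, ROUTES) or "plan is consistent")
```

The check covers routing only; the policy control rules between zones described in the replies still have to allow the traffic.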

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 781  Zyxel Employee

    Hi @cmanley,

    Use a policy route to restrict a specific source network subnet (for example MIS). I think it is better than a static route.

    Please kindly refer to zyman2008's instructions. They are correct.

    Thank you

  • cmanley
    cmanley Posts: 14  Freshman Member

    I have attempted to make this work a couple of times, but I have been unsuccessful. On the ATP800 router, I have my VLANs in a zone I created called "zone_vlan". Could this be causing me issues with getting access to the network?

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 781  Zyxel Employee

    Hi @cmanley,

    Could you send both config files by private message?

    I need to check if something is incorrect.

    Thank you
