USG110 3 sites vpn....
I am a user of USG110. I already have a site-to-site VPN connection set up from Site A to Site B. Now, I want to add another site-to-site VPN connection from Site A to Site C. What are the things I need to consider?
Site A aaa.aaa.aaa.aaa - 192.168.1.0/24
Site B bbb.bbb.bbb.bbb - 192.168.10.0/24
Site C ccc.ccc.ccc.ccc - 192.168.11.0/24
I don't remember whether there will be a broadcast storm or some other error if I connect the VPNs as Site A - Site B - Site C - Site A, in a circle.
Would a linear connection, Site B - Site A - Site C, be better than the circular one?
All Replies
-
Having the LAN subnets not be the same will make things easier.
1 -
Hi @IkkI_Magna
@PeterUK is correct.
The other items you should consider are those needed to fill in the VPN Wizard fields as shown in the user guide at
https://prodotti.zyxel.it/USERSGUIDE/ZYXUSG-ADVANCED.pdf
The following webpage might also help
Kind regards,
Tony
0 -
I cannot open the link
https://prodotti.zyxel.it/USERSGUIDE/ZYXUSG-ADVANCED.pdf
As for
https://mysupport.zyxel.com/hc/en-us/articles/360005745060--ZyWALL-USG-How-to-manually-configure-a-Site-to-Site-VPN-tunnel
it was useful for me when I created the 1st VPN connection, but for the 2nd VPN… is it?
0 -
Hello @IkkI_Magna
I think that the how to set-up site to site VPN article should be ok for your 2nd VPN, as I have not found anything that says the USG110 is limited to only 1 VPN.
The comparison at https://www.zyxel.com/us/en-us/products/next-gen-firewall/unified-security-gateway-usg110-210-310/comparison says that USG100 can do 100 concurrent IPSEC VPN tunnels.
The VPN throughput is limited to 400 Mbps with USG110, according to https://www.zyxel.com/us/en-us/products/next-gen-firewall/unified-security-gateway-usg110-210-310/comparison , so that might limit the VPN.
There might also be some helpful information at https://support.zyxel.eu/hc/en-us/sections/17702139133714-USG-FLEX-ATP-VPN-Series-USG
The things you need are as shown in the attached screenshot I think:
I think that you might use a hub-and-spoke VPN architecture, so that VPN 1 goes from Site A to Site B and VPN 2 goes from Site A to Site C.
You could also have a VPN from Site B to Site C, so that you have a triangle of VPNs, and let spanning tree protocol (STP) avoid having a broadcast storm of datagrams at layer 2.
Kind regards,
Tony
0
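Added example, not part of any reply above and not Zyxel code: a pre-flight check of the addressing plan from the question before the second tunnel is configured. It flags overlapping LAN subnets (the point raised in the first reply) and lists the mirrored local/remote subnet pair each gateway needs per tunnel in a hub-and-spoke layout with Site A as hub. The function names, the dictionary layout and the "Site D" entry are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Site LANs as given in the thread (public peer addresses are masked there).
SITES = {
    "A": "192.168.1.0/24",
    "B": "192.168.10.0/24",
    "C": "192.168.11.0/24",
}


def find_overlaps(sites):
    """Return (site1, site2) pairs whose LAN subnets overlap.

    Overlap includes one subnet containing the other, not only exact
    duplicates, because either case makes tunnel routing ambiguous.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def hub_and_spoke(sites, hub):
    """List one tunnel per spoke, each with both ends' subnet selectors."""
    clashes = find_overlaps(sites)
    if clashes:
        raise ValueError(f"overlapping LAN subnets: {clashes}")
    tunnels = []
    for spoke in sorted(s for s in sites if s != hub):
        tunnels.append({
            "name": f"{hub}-{spoke}",
            # Selectors are mirrored on the two gateways of a tunnel.
            hub: {"local": sites[hub], "remote": sites[spoke]},
            spoke: {"local": sites[spoke], "remote": sites[hub]},
        })
    return tunnels


if __name__ == "__main__":
    for t in hub_and_spoke(SITES, hub="A"):
        print(t)
    # Constructed bad plan: a new site reusing part of Site B's range.
    print(find_overlaps({**SITES, "D": "192.168.10.128/25"}))
```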