Multiple subnets with one IPSec VPN?
Recently replaced a rusty 100 Mb/s firewall with a shiny new USG 60, to be able to use the new ISP tariff plan with 300 Mb/s and still be able to use IPSec tunnels to another site.
Scheme is fairly easy, so no drawings, sorry.
Local site - USG 60
192.168.6.0/24 - tel subnet
192.168.9.0/24 - computers subnet
Remote site - Cisco ASA
192.168.5.0/24 - tel subnet
192.168.10.0/24 - computers subnet
192.168.30.0/24 - servers subnet
The deployment scenario from the Zyxel KB describes connecting ONE local subnet to ONE remote subnet, but I need to access all remote subnets from my local subnets. Now IPSec is working and connecting the telephone subnets only.
From previous experience using Cisco / D-Link firewalls, this is usually achieved by creating groups of objects (subnets) and then using them in VPN parameters, but the Zyxel interface explodes the brain.
Could you please direct me in the right direction? Straight googling leads nowhere.
Step-by-step instructions would be the best solution.
Would greatly appreciate any help!
Thanks!
Accepted Solution
Hi,
USG doesn't support multiple traffic selectors.
So you can use route-based VPN (VTI), if ASA OS is 9.7 or above.
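An added example, not part of the original thread and not Zyxel or Cisco material: using the subnets from the question, it counts the selector pairs a policy-based tunnel would need, checks whether each side could be summarised into one prefix so that a single selector would do (this check goes beyond what the answer states), and lists the static routes a route-based (VTI) tunnel needs instead. It assumes one local/remote pair per traffic selector; the interface names `vti-usg` and `vti-asa` are hypothetical placeholders.

```python
from ipaddress import ip_network
from itertools import product

# Subnets exactly as listed in the question.
LOCAL = [ip_network("192.168.6.0/24"), ip_network("192.168.9.0/24")]
REMOTE = [ip_network("192.168.5.0/24"), ip_network("192.168.10.0/24"),
          ip_network("192.168.30.0/24")]


def selector_pairs(local, remote):
    """Policy-based VPN: one (local, remote) traffic selector per subnet pair."""
    return list(product(local, remote))


def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def summary_selector(local, remote):
    """Fold each side into one prefix and report whether the pair is usable.

    The pair is unusable when a summary prefix also claims a subnet that
    lives at the other site: the selector would then match traffic that
    must not enter the tunnel, and it is broader than intended.
    """
    lsum, rsum = covering_supernet(local), covering_supernet(remote)
    clash = (any(r.overlaps(lsum) for r in remote)
             or any(l.overlaps(rsum) for l in local))
    return lsum, rsum, not clash


def route_plan(local, remote, usg_if="vti-usg", asa_if="vti-asa"):
    """Route-based VPN: each side routes the far-side subnets via its tunnel.

    usg_if / asa_if are hypothetical interface names, not device defaults.
    """
    return {"USG 60": [(str(r), usg_if) for r in remote],
            "ASA": [(str(l), asa_if) for l in local]}


if __name__ == "__main__":
    print("selector pairs needed:", len(selector_pairs(LOCAL, REMOTE)))
    lsum, rsum, ok = summary_selector(LOCAL, REMOTE)
    print(f"summary selector {lsum} <-> {rsum} usable: {ok}")
    for device, routes in route_plan(LOCAL, REMOTE).items():
        for dest, via in routes:
            print(f"{device}: route {dest} via {via}")
```

With a route-based tunnel, reachability between the subnets is then decided by the firewall policy on each side rather than by the traffic selector, so the rules on the tunnel interface should permit only the subnet pairs that are meant to communicate.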