Client VPN access to site A and B

Irvold
Irvold Posts: 3  Freshman Member
First Comment

Hi

I am trying to create a scenario like the one in the picture.

Now: VPN Client can connect to Site A and access local resources.

Site to Site VPN between Site A and Site B is working.

I want users on VPN Client to be able to access both Site A and Site B, through the Site to Site VPN.

How to do that?

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,210  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    edited December 18

    Hi @Irvold

    To enable VPN clients connected to Site A to access resources at both Site A and Site B through the Site-to-Site VPN, you’ll need to configure policy routes on the firewalls at both Site A and Site B.

    For detailed guidance, please refer to the following threads, which discuss similar setups:

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Irvold
    Irvold Posts: 3  Freshman Member
    First Comment

    Thanks, I have tried the steps in that thread, but without success.

    My Policy Route on Site A

    Nyk_Net is the VPN Site-to-Site
    ORENYK_Net is Site B Net - 192.168.1.0/24
    RemoteAccess_Wiz_Client is the address pool for the VPN Clients: 10.0.1.1-10.0.1.254
    RemoteAccess_Wiz is the Client IPSec VPN

    My Policy Route on Site B:

    ORENYK_Net is Site B Net: 192.168.1.0/24
    OREVOR_VPNKlient_pool is the VPN Client address pool: 10.0.1.1-10.0.1.254
    Vord_net is SITE-TO-SITE VPN
    ORENYK_net is Site B net: 192.168.0.0/24

    Site-to-Site VPN

    192.168.1.0/24 - 10.0.0.0/16

    Client VPN

    Local policy: 10.0.0.0/16

    Do I need to change LAN1 on site A? It's 10.0.0.0/24 as the rest of the net on Site A.

    Any suggestions for what I'm doing wrong?

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,210  Zyxel Employee

    Hi @Irvold

    Could you please send us the startup-config.conf files for both of your devices via private message? This will help us review your setup more thoroughly.

    Kay


  • Zyxel_Kay
    Zyxel_Kay Posts: 1,210  Zyxel Employee
    edited December 24

    Hi @Irvold

    As discussed in our private message, you can adjust your settings as follows to ensure your scenario works correctly:

    1. Site-to-Site VPN Configuration:
      1. Site A:
        • Local Policy: 10.0.0.0/8
        • Remote Policy: 192.168.1.0/24
      2. Site B:
        • Local Policy: 192.168.1.0/24
        • Remote Policy: 10.0.0.0/8
    2. Policy Route Adjustment:
      Remove or deactivate any policy routes configured on both sites.
    3. Remote Access VPN Adjustment:
      The remote access policy on Site A currently does not include the Site B subnet. Please adjust the Remote Access VPN settings on Site A as shown below:


    Without this configuration, the client won't know how to route traffic into the tunnel.

    Kay

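The policy check behind the last reply, as an added example that is not part of the thread or Zyxel's own tooling: it tests whether client-to-Site-B traffic matches the IPsec policies (traffic selectors) on every hop. The function names and dictionary keys are hypothetical, and the remote access policy in `ADJUSTED` is an assumption, since the screenshot with the actual setting is not on the page.

```python
import ipaddress as ip

def range_covered(first, last, selector):
    """True if every address in first..last lies inside the policy network."""
    sel = ip.ip_network(selector)
    blocks = ip.summarize_address_range(ip.ip_address(first), ip.ip_address(last))
    return all(b.subnet_of(sel) for b in blocks)

def net_covered(net, selectors):
    """True if the whole subnet lies inside at least one policy network."""
    n = ip.ip_network(net)
    return any(n.subnet_of(ip.ip_network(s)) for s in selectors)

def check_client_to_site_b(cfg):
    """List the hops whose policy would not match client <-> Site B traffic."""
    problems = []
    first, last = cfg["client_pool"]
    # Hop 1: the client only sends into its tunnel what the remote access
    # local policy advertises.
    if not net_covered(cfg["site_b_net"], cfg["ra_local_policy"]):
        problems.append("remote access local policy lacks Site B subnet")
    # Hop 2: Site A forwards into the site-to-site tunnel only if source
    # (client pool) and destination (Site B) match its policy.
    if not range_covered(first, last, cfg["s2s_a_local"]):
        problems.append("Site A local policy lacks client pool")
    if not net_covered(cfg["site_b_net"], [cfg["s2s_a_remote"]]):
        problems.append("Site A remote policy lacks Site B subnet")
    # Return path: Site B must see the client pool as a remote network.
    if not range_covered(first, last, cfg["s2s_b_remote"]):
        problems.append("Site B remote policy lacks client pool")
    return problems

# Values from the thread: settings as first posted.
AS_POSTED = {
    "client_pool": ("10.0.1.1", "10.0.1.254"),
    "site_b_net": "192.168.1.0/24",
    "ra_local_policy": ["10.0.0.0/16"],
    "s2s_a_local": "10.0.0.0/16", "s2s_a_remote": "192.168.1.0/24",
    "s2s_b_remote": "10.0.0.0/16",
}
# After the suggested change. ra_local_policy is an ASSUMED way of
# "including the Site B subnet"; the real screenshot is missing.
ADJUSTED = dict(AS_POSTED, s2s_a_local="10.0.0.0/8", s2s_b_remote="10.0.0.0/8",
                ra_local_policy=["10.0.0.0/16", "192.168.1.0/24"])

if __name__ == "__main__":
    print("as posted:", check_client_to_site_b(AS_POSTED))
    print("adjusted: ", check_client_to_site_b(ADJUSTED))
```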
