Client VPN access to site A and B
Hi
I am trying to create a senario link the one in the picture.
Now: VPN Client can connect to Site A and access local resources.
Site to Site VPN between Site A and Site B is working.
I want users on VPN Client to be able to acces both Site A and Site B, througth the Site to Site VPN.
How to do that?
All Replies
-
Hi @Irvold
To enable VPN clients connected to Site A to access resources at both Site A and Site B through the Site-to-Site VPN, you’ll need to configure policy routes on the firewalls at both Site A and Site B.
For detailed guidance, please refer to the following threads, which discuss similar setups:
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Tanks, I have tried the steps in that thread, but without susses.
My Policy Route on Site A
Nyk_Net is the VPN Site-to-Site
ORENYK_Net is Site B Net - 192.168.1.0/24
RemoteAccess_Wiz_Client is the address pool for the VPN Clients: 10.0.1.1-10.0.1.254
RemoteAccess_Wiz is the Client IPSec VPNMY Policy Route on Site B:
ORENYK_Net is Site B Net: 192.168.1.0/24
OREVOR_VPNKlient_pool is the VPN Client address pool: 10.0.1.1-10.0.1.254
Vord_net is SITE-TO-SITE VPN
ORENYK_net is Site B net: 192.168.0.0/24Site-to-Site VPN
192.168.1.0/24 - 10.0.0.0/16
Client VPN
Local policy: 10.0.0.0/16
Do I need to change LAN1 on site A? It's 10.0.0.0/24 as the rest of the net on Site A.
Any suggestions for what I'm doing wrong?
0 -
Hi @Irvold
As discussed in our private message, you can adjust your settings as follows to ensure your scenario works correctly:
- Site-to-Site VPN Configuration:
- Site A:
- Local Policy:
10.0.0.0/8
- Remote Policy:
192.168.1.0/24
- Local Policy:
- Site B:
- Local Policy:
192.168.1.0/24
- Remote Policy:
10.0.0.0/8
- Local Policy:
- Site A:
- Policy Route Adjustment:
Remove or deactivate any policy routes configured on both sites. - Remote Access VPN Adjustment:
The remote access policy on Site A currently does not include the Site B subnet. Please adjust the Remote Access VPN settings on Site A as shown below:
Without this configuration, the client won't know how to route traffic into the tunnel.Kay
See how you've made an impact in Zyxel Community this year!
0 - Site-to-Site VPN Configuration:
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight