Client VPN access to site A and B

Irvold · December 2024

Hi

I am trying to create a senario link the one in the picture.

Now: VPN Client can connect to Site A and access local resources.

Site to Site VPN between Site A and Site B is working.

I want users on VPN Client to be able to acces both Site A and Site B, througth the Site to Site VPN.

How to do that?

Zyxel_Kay · December 2024

Hi @Irvold

To enable VPN clients connected to Site A to access resources at both Site A and Site B through the Site-to-Site VPN, you’ll need to configure policy routes on the firewalls at both Site A and Site B.

For detailed guidance, please refer to the following threads, which discuss similar setups:

VPN client connected to site 1 need to have acces also to the subnet on site 2. — Zyxel Community
How to forward traffic to branch site server after client established VPN tunnel — Zyxel Community

Irvold · December 2024

Tanks, I have tried the steps in that thread, but without susses.

My Policy Route on Site A

Nyk_Net is the VPN Site-to-Site
ORENYK_Net is Site B Net - 192.168.1.0/24
RemoteAccess_Wiz_Client is the address pool for the VPN Clients: 10.0.1.1-10.0.1.254
RemoteAccess_Wiz is the Client IPSec VPN

MY Policy Route on Site B:

ORENYK_Net is Site B Net: 192.168.1.0/24
OREVOR_VPNKlient_pool is the VPN Client address pool: 10.0.1.1-10.0.1.254
Vord_net is SITE-TO-SITE VPN
ORENYK_net is Site B net: 192.168.0.0/24

Site-to-Site VPN

192.168.1.0/24 - 10.0.0.0/16

Client VPN

Local policy: 10.0.0.0/16

Do I need to change LAN1 on site A? It's 10.0.0.0/24 as the rest of the net on Site A.

Any suggestions for what I'm doing wrong?

Zyxel_Kay · December 2024

Hi @Irvold

Could you please send us the startup-config.conf files for both of your devices via private message? This will help us review your setup more thoroughly.

Zyxel_Kay · December 2024

Hi @Irvold

As discussed in our private message, you can adjust your settings as follows to ensure your scenario works correctly:

Site-to-Site VPN Configuration:
1. Site A:
  - Local Policy: 10.0.0.0/8
  - Remote Policy: 192.168.1.0/24
2. Site B:
  - Local Policy: 192.168.1.0/24
  - Remote Policy: 10.0.0.0/8
Policy Route Adjustment:
Remove or deactivate any policy routes configured on both sites.
Remote Access VPN Adjustment:
The remote access policy on Site A currently does not include the Site B subnet. Please adjust the Remote Access VPN settings on Site A as shown below: