Zyxel USG Flex H series - How to configure route from VPN client (Site A vpn server) to Site B

MitjaS3NEXT · January 31

Hey dear community,
can't figure out how to configure this scenario

Site A - Zyxel USG 100H series (configured Remote Access VPN for client, configured Site to Site VPN from site A to site B)
Site B - Zyxel USG 100 series (configured Site to Site VPN from site B to site A)

Site to site VPN works perfectly in both ways. (Site A <> Site B)
Remote Access VPN - works perfectly, clients can cannot form other locations and acces devices on LAN of Site A.

How to configure route on the Site A zyxel usg flex H series (and probably also what to configure on Site B) that VPN clients can access devices on LAN of Site B?

PeterUK · January 31

Currently the FLEX H does not have next hop VPN tunnel but VTI for Route-based does if you set that up as site to site instead of Policy-based.

however one thing you can try which I'm not sure will work is to add the the VPN site to site you have in Phase 2 is your local IP pool for Remote Access VPN to remote subnet on the FLEX H

On USG 100 you will need to add a routing rule incoming LAN Destination Remote Access VPN next hop VPN tunnel.

MitjaS3NEXT · January 31

https://community.zyxel.com/en/discussion/comment/74549#Comment_74549

You mean like this? Not working :(

PeterUK · January 31

Yes guess you have to setup VTI

MitjaS3NEXT · January 31

https://community.zyxel.com/en/discussion/comment/74551#Comment_74551

Not an option :( since there also has to work a "site A to site C VPN tunel" where a 3rd party company requires policy-based VPN site to site.
What fascinates me the most is that the H series is the latest USG FLEX Zyxel series, how can the ‘NEXT HOP VPN TUNNEL’ setting be missing?

PeterUK · January 31

The FLEX H is on going to add stuff from older models

Zyxel USG Flex H series - How to configure route from VPN client (Site A vpn server) to Site B

All Replies

Categories

Security Help Center