SSL VPN with multiple address pools on Zyxel USG Flex 100H

seby · September 15

I have a Zyxel USG Flex 100H with an SSL VPN configured on the default pool.

My LAN uses two separate subnets, each with a dedicated server.

Is it possible to configure the SSL VPN to handle multiple address pools so that both subnets can be accessed?

PeterUK · September 15

You can use Local Networks Only (Split Tunnel) to add the two subnets if you don't use Internet and Local Networks (Full Tunnel).

If you mean you want one user group to access one subnet and not the other you can se that up by policy control by user option.

Zyxel_Tina · September 16

Hi @seby,

Could you please confirm if your VPN clients should use their own local network for Internet access?

If yes, then you can use Split Tunnel, and add the required local subnets so that the clients can access both.
If not, you can configure Full Tunnel, which will also allow the clients to reach the different subnets through the VPN.

seby · September 16

Thanks for your replies. Maybe I didn’t explain myself well the first time. What I actually need is for external users connecting through VPN to receive an IP address from one of the internal IP ranges of my network. In my setup I have two different IP classes: depending on the user, one should get an address from the 192.168.x.x range, while another should get one from the 192.168.y.y range.

On another device I own, a ZyWALL USG20, I noticed that this model allows me to configure multiple SSL_VPN connections, which seems to cover this requirement.

PeterUK · September 16

The SSL client can only get a IP from the SSL IP pool not from a LAN interface.

currently the FLEX H can not do multiple SSL_VPN only one IP pool

SSL VPN with multiple address pools on Zyxel USG Flex 100H

All Replies

Categories

Security Help Center