PeterUK

so this is solved?

in Source NAT through vpn tunnels Comment by PeterUK December 21

This is a lot to take in. If site A LAN is 192.168.11.0/24 site B LAN is 192.168.22.0/24 site C LAN is 192.168.33.0/24 You have site B 192.168.22.0/24 SNAT site to site to single fake address 192.168.44.1 to get to site C and now you want site A to go to C as that fake address 192.168.44.1 through B. is that about right?

in Source NAT through vpn tunnels Comment by PeterUK December 21

Have you enabled IP/MAC Binding and DHCP Enforcement? so if a Unauthorized client find the MAC of authorized MAC and clone it they are allowed Or any new client and MAC is allowed by IP/MAC Binding because the reserved IP/MAC list is not a only allow these to connect. So you would need a switch to do MAC limiting but…

in IP/MAC Binding Comment by PeterUK December 20

You should be able to to go to latest without risk backup config is a good idea

in update firmware USG60 from 4.20 to 4.73 (latest) Comment by PeterUK December 20

Maybe your doing it without knowing? if you USG WAN interfaces gets a IP 192.168.xxx.xxx then your Double NAT, if you get a IP on the interface like shown on whats my IP then your not Double NAT which is best. Just wanted to see if Double NAT made a difference which it shouldn't. But as your on old USG 200 thats likely the…

in Zyxel USG 200 Bandwith limitation Comment by PeterUK December 20

This is the old USG 200 not FLEX 200? so likely hardware limit but its odd your upload speed is slow… Can you try double NAT with your ISP router.

in Zyxel USG 200 Bandwith limitation Comment by PeterUK December 20

Are you sending to your mail server? My Daily Report works here to my mail server using port 25 TLS and STARTTLS

in Zywall USG Flex 200H Email Daily Report not working Comment by PeterUK December 19

So you need to make a new rule from WAN to Zywall with service TCP 10443 or you can add to that default group TCP 10443

in SSL VPN block access USGFLEX100H Comment by PeterUK December 18

Have you allowed from WAN to Zywall ?

in SSL VPN block access USGFLEX100H Comment by PeterUK December 18

Update this is due to how real DMZ type 3 works

in No sessions for traffic through the bridge Comment by PeterUK December 18

The setup for VTI vs how H models do to non H are different but here is a short setup VPN client IKEv2 192.168.144.0/24 > Zywall 110 > VTI 192.168.138.13/28 > FLEX200H VTI 192.168.138.12/28 > LAN 192.168.138.1/28 to 192.168.138.2 DNS server On FLEX200H you go to VPN > IPSec VPN > add IKEv1 with custom select Route-Based…

in FLEX 100 H - policy route and next hop Comment by PeterUK December 17

You can setup routing policy like incoming VLAN10 next hop WAN1

in Set WAN2 as primary WAN. Comment by PeterUK December 17

😯

in ✨Your 2024 Moments in Zyxel Community 🎊 Comment by PeterUK December 16

looks correct do a test here HQ1, HQ2 and HQ3 VLAN66 192.168.66.3 > HQ1 > Tunnel >HQ2 > route to tunnel > HQ3 VLAN47 192.168.255.40 HQ1 route incoming VLAN66 destination 192.168.255.32/28 next hop to tunnel HQ2 route incoming tunnel destination 192.168.255.32/28 to next hop to tunnel HQ2 route incoming tunnel…

in Traffic between tunnels (and NAT) Comment by PeterUK December 14

Ok setup routing rules top of the list IPA side FLEX200 incoming LAN destination 192.168.11.0/24 next hop VPN tunnel IPB side FLEX200 incoming LAN destination 192.168.0.0/24 next hop VPN tunnel

in IPSec VPN behind routeur and DMZ Comment by PeterUK December 12

PeterUK Guru Member

Comments