Knowledge Base

How to control L2TP/IPSec/SSL VPN client traffic accessing branch sites in a VPN concentrator?

Scenario

How to control L2TP/IPSec/SSL VPN client traffic accessing branch sites in a VPN concentrator?

Step

The VPN concentrator is configured on HQ.
HQ subnet- 192.168.1.0/24
L2TP VPN client subnet on HQ- 192.168.70.0/24
BR1- 192.168.11.0/24
BR2- 192.168.10.0/24
 
Policy Routes on HQ
Rule 1
Incoming- L2TP VPN tunnel
Destination - BR1 subnet
Next Hop- VPN tunnel to BR1
 
Rule 2
Incoming- L2TP VPN tunnel
Destination - BR2 subnet
Next Hop- VPN tunnel to BR2
 
Rule 3 (Optional- for L2TP VPN clients to access Internet)
Incoming- L2TP VPN tunnel
Source- any
Destination - any
Next Hop- auto
SNAT- outgoing-interface
 
 
Policy Routes on BR1
Rule 1
Incoming- any
Destination - HQ's L2TP VPN client subnet
Next Hop- VPN tunnel to HQ
 
Rule 2
Source- BR1 subnet
Destination - BR2 subnet
Next Hop- VPN tunnel to HQ
 
 
Policy Routes on BR2
Rule 1
Incoming- any
Destination - HQ's L2TP VPN client subnet
Next Hop- VPN tunnel to HQ
 
Rule 2
Source- BR2 subnet
Destination - BR1 subnet
Next Hop- VPN tunnel to HQ
 

 

Verification

From the L2TP VPN client, you should be able to ping IP addresses in the subnets of BR1 (192.168.11.0/24) and BR2 (192.168.10.0/24).
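The rule sets above can also be checked offline before they are entered on the devices. The following Python sketch is an added example, not Zyxel code: it models the three policy-route tables from this article, assumes rules are evaluated top-down with the first match winning, and uses made-up interface and next-hop labels (l2tp, lan, wan, tunnel:BR1 and so on).

```python
import ipaddress as ip

L2TP, BR1, BR2, ANY = (ip.ip_network(n) for n in (
    "192.168.70.0/24", "192.168.11.0/24", "192.168.10.0/24", "0.0.0.0/0"))

# Each rule: (incoming, source, destination, next hop), in the article's order.
# Interface and next-hop labels are hypothetical names for this sketch.
RULES = {
    "HQ":  [("l2tp", ANY, BR1, "tunnel:BR1"),
            ("l2tp", ANY, BR2, "tunnel:BR2"),
            ("l2tp", ANY, ANY, "wan")],        # optional Rule 3 (SNAT to Internet)
    "BR1": [("any", ANY, L2TP, "tunnel:HQ"),
            ("any", BR1, BR2, "tunnel:HQ")],
    "BR2": [("any", ANY, L2TP, "tunnel:HQ"),
            ("any", BR2, BR1, "tunnel:HQ")],
}

def next_hop(rules, incoming, src, dst):
    """First matching rule wins (assumed); None means no policy route matched."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for inc, src_net, dst_net, hop in rules:
        if inc in ("any", incoming) and s in src_net and d in dst_net:
            return hop
    return None

def round_trip(client, server, branch, rules=RULES):
    """Forward hop chosen at HQ, return hop chosen at the branch, and a verdict."""
    fwd = next_hop(rules["HQ"], "l2tp", client, server)
    back = next_hop(rules[branch], "lan", server, client)
    return fwd, back, fwd == "tunnel:" + branch and back == "tunnel:HQ"

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, (inc, src, dst, _) in enumerate(rules):
        for p_inc, p_src, p_dst, _ in rules[:i]:
            if p_inc in ("any", inc) and src.subnet_of(p_src) and dst.subnet_of(p_dst):
                hits.append(i)
                break
    return hits

if __name__ == "__main__":
    # Constructed sample hosts: one L2TP client, one server per branch.
    print(round_trip("192.168.70.10", "192.168.11.20", "BR1"))
    print(round_trip("192.168.70.10", "192.168.10.20", "BR2"))
    # Misordered HQ table: the catch-all Internet rule placed first.
    bad_hq = [RULES["HQ"][2]] + RULES["HQ"][:2]
    print(shadowed(bad_hq), next_hop(bad_hq, "l2tp", "192.168.70.10", "192.168.11.20"))
```

Under the first-match assumption, placing the optional Internet rule above the branch rules sends branch-bound client traffic out the WAN interface with SNAT instead of into the tunnel, and omitting Rule 1 on a branch leaves replies to the L2TP client subnet without a policy route back to HQ.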




Question Profile

ARTICLE ID:017933
TYPE:Application / Configuration Example
FIRMWARE:4.35 and above
MODEL:ATP200,ATP500,ATP800
