Equipment Support > Hardware By Brand > ZyXEL > USG50 Firewall Issue

USG50 Firewall Issue

Are the 4 LAN IPs public or private? If unsure post one of the LAN IPs here.

To Brano

my configuration is

WAN 1 = dynamic wan ip with 4 LAN IP ( 110.1.1.x/30)
LAN 1 = 192.168.1.x/24

Firewall port = 192.168.1.254

Computer 1 =192.168.1.197

if i nat 1:1 ip 110.1.1.1 to 192.168.1.197 i able to ping from outside

but i want to have some vpn site to site

then i decide to put 1 lan ip 110.1.1.4 to map with 192.168.1.254

as 192.168.1.254 is firewall support vpn

but when i nat 1:1
ip 110.1.1.4 to 192.168.1.254

i can't ping it from out

firewall policy have been disable

Thanks

OK, so on side A you have two public IPs and LAN 192.168.1.0/24.
On your side be ensure that LAN is different i.e. 192.168.2.0/24.

Then create IPSec Site-to-Site tunnel between site A and site B router.
Add appropriate firewall and policy rules and you should be done.
No need for any port forwarding.

Complete manual with example is here: »ftp://ftp2.zyxel.com/ZyWALL_USG_50/use···_Ed1.pdf
Some additional info here: »ftp://ftp2.zyxel.com/ZyWALL_USG_50/sup···3.00.pdf

reply to Nopparon
Brano

our internet provide dynamic public ip with static LAN IP (110.1.x.x)
this lan ip able to ping from outside because isp already been route in their radius that every time. this user dial up to isp they will get dynamic with automatic route to 4 LAN IP

then in my usg50 will get like 183.x.x.x but i need to NAT 1:1 to let computer/server able to remote and ping from outside

the problem is it look like usg 50 didn't allow me to nat itself.

i have been read scenario how to set up site to site vpn

but the basic thing is i have to able to ping it from outside first..

now i can't ping my vpn ip

Thanks

Sorry, your explanation is very confusing. A picture showing your side A, side B, USG WAN and LAN would really help to understand your setup.