USG20-Accessing more subnets on remote IPSec site
I have a VPN IPSec tunnel to another site where Kerio Control is running. The tunnel is working fine, and on the remote site I can access all subnets, also with a VPN client connected to Kerio.
I need to access all subnets also from the network behind the ZyWALL,
my local subnet is 192.168.5.0/24, remote subnets are
all are with /24 mask
but I can reach only the subnet which is defined in the Remote policy in the VPN Connection of the tunnel on the ZyWALL; from the remote site I'm able to reach the 192.168.5.0 subnet only from the subnet which is in the policy on the ZyWALL.
I've set up routing policies where
incoming-any, source-LAN1, destination-remotesubnet1, next-hop-VPN Tunnel I created before, DSCP marking-none, SNAT-none
I also tried to set up a policy where the source was the remote subnet, the destination LAN1 and the next hop was the LAN1 interface.
When I do a traceroute it goes to the ZyWALL and there it ends. The firewall on the ZyWALL is off.
I don't know what else I should try to get it working.
There are two settings:
1 - gateway policy (point to point)
2 - connection policies.
You can have more connection policies for a single p-to-p gateway setting.
For USG to USG you need to declare outgoing policy route (snat = none).
For USG to not-USG declare policy routes in and out
from LANx to RemLan1 ... Outgoing:TunnelX Snat:none
from IPSEC TunnelX to LANx Outgoing:LANx Snat None
Have a look at the firewall policies (LAN to IPSEC and vice versa).
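
The two pieces named in the reply above (a connection policy per subnet pair, plus a policy route into the tunnel) can be checked together with a small model. This is an added example, not part of the original posts and not ZyWALL code. It assumes a simplified rule that outgoing traffic is carried only when a policy route points it at the tunnel and a connection policy covers its source and destination, and the remote subnets are constructed placeholders because the thread does not list them.

```python
from ipaddress import ip_address, ip_network

# Only 192.168.5.0/24 comes from the thread; the remote subnets are
# constructed placeholders (the question does not list the real ones).
LAN1 = ip_network("192.168.5.0/24")
REMOTE_SUBNETS = [ip_network("10.0.1.0/24"), ip_network("10.0.2.0/24")]


def tunnel_decision(src, dst, policy_routes, connection_policies):
    """Return (carried, reason) for one packet leaving the local gateway.

    policy_routes:       (source_net, destination_net) pairs, next hop = tunnel
    connection_policies: (local_net, remote_net) pairs of the VPN connections
    """
    src, dst = ip_address(src), ip_address(dst)
    if not any(src in s and dst in d for s, d in policy_routes):
        return False, "no policy route sends this traffic to the tunnel"
    if not any(src in l and dst in r for l, r in connection_policies):
        return False, "no connection policy covers this subnet pair"
    return True, "carried in tunnel"


def uncovered_remote_subnets(local_net, remote_nets, policy_routes,
                             connection_policies):
    """List remote subnets that local_net cannot reach, with the missing piece."""
    gaps = []
    for remote in remote_nets:
        # Probe with the first usable address of each network.
        ok, reason = tunnel_decision(str(local_net[1]), str(remote[1]),
                                     policy_routes, connection_policies)
        if not ok:
            gaps.append((str(remote), reason))
    return gaps


if __name__ == "__main__":
    # Policy routes exist for every remote subnet, but only one connection
    # policy is defined: the situation described in the question.
    routes = [(LAN1, r) for r in REMOTE_SUBNETS]
    policies = [(LAN1, REMOTE_SUBNETS[0])]
    for subnet, reason in uncovered_remote_subnets(LAN1, REMOTE_SUBNETS,
                                                   routes, policies):
        print(subnet, "->", reason)
```

The model covers the outgoing direction only; the return path needs the matching configuration on the remote gateway.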