Zyxel USG 200 configuration
I would like to be able to limit access to NAS, private server and the printer, whereas the public server is accessible through internet via VPN. The private server is a network account server and when the DNS comes from somewhere else we lose function.
I spent many hours studying and trying different configurations and ended up in a worse-off situation. Doesn't feel very good.
I would like to reset everything and start from scratch.
Could anyone make it a bit easier for me please?
The equipment that I'm trying to connect and shape access to are listed below.
bridged - router with VOIP - 192.168.1.254 (connected to zywall via cable)
zywall 200 USG - 192.168.1.1 (connected to APE via cable)
bridged - Airport Extreme - 192.168.1.3, gateway 192.168.1.1, DNS 192.168.1.2
NAS - 192.168.1.101 (connected to APE via cable), Internal access only
private server - 192.168.1.2 : network account server, DNS server, (connected to APE via cable, internal access only)
public server 192.168.1.33 : network account server, VPN, wiki, web site
network printer 192.168.1.69 (WI-FI)
all the rest are connected to Airport via WI-FI
Any help will be much appreciated.
Suggest you provide a configuration diagram. My perception is that you have the same subnet at two levels, so some elements of the configuration will get confused about what paths must be taken to get to another element.
Ok this is how I got things working with the exception of 'server B'. I would like to keep both NAS and 'Server A' behind firewall for office use only. Any help, suggestion is more than welcome.
reply to zenon
I notice in your diagram the use of two routers in series. Normally, the USG alone should be able to perform that function. If the USG can't be used alone due to some peculiarity with VoIP, and/or the first router is also a modem, then I think the first router at the WAN should be in a different subnet outside the range of the USG. Using the private range starting with 10.something (I don't recall its limits), if not used by your ISP, would clearly distinguish it from the USG's subnets. I admit to no experience with such a configuration.
What is it that server B on the DMZ is not successfully doing? Its interaction with LAN1 will be mediated by the firewall in the USG. I don't think it needs a static route for that function. As for external access, ZyXel publishes somewhere in the user guide or notes how to set up a server in the DMZ accessible from the web. I am pretty sure that the ISP has to send you an internet routable IP address for the server to be accessible. There could be a difficulty from the first router being in the LAN1 subnet. But basically, the USG has to know that the external IP address being connected to translates to the DMZ address 192.168.3.33.
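The subnet overlap raised in the replies can be checked mechanically before any firewall or NAT rule is touched. This is an added example, not part of any post in the thread; the /24 prefix lengths, the 10.0.0.0/24 upstream range and the segment names are assumptions, since the thread gives only host addresses.

```python
import ipaddress
from itertools import combinations

# Constructed layouts. Prefix lengths and the upstream 10.0.0.0/24 range are
# assumptions for illustration; only the host addresses come from the thread.
BEFORE = {
    "upstream-router-lan": "192.168.1.0/24",  # VoIP router at 192.168.1.254
    "usg-lan1": "192.168.1.0/24",             # USG at 192.168.1.1
}
AFTER = {
    "upstream-router-lan": "10.0.0.0/24",     # moved outside the USG's ranges
    "usg-lan1": "192.168.1.0/24",
    "usg-dmz": "192.168.3.0/24",
}
# Hosts named in the thread and the one segment each is meant to live on.
HOSTS = {
    "nas": ("192.168.1.101", "usg-lan1"),
    "private-server": ("192.168.1.2", "usg-lan1"),
    "printer": ("192.168.1.69", "usg-lan1"),
    "public-server": ("192.168.3.33", "usg-dmz"),
}

def _parse(layout):
    return {name: ipaddress.ip_network(cidr) for name, cidr in layout.items()}

def overlapping_segments(layout):
    """Return pairs of segments whose address ranges overlap."""
    nets = _parse(layout)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def misplaced_hosts(layout, hosts):
    """Return hosts that do not fall in exactly their intended segment."""
    nets = _parse(layout)
    problems = {}
    for host, (addr, intended) in hosts.items():
        ip = ipaddress.ip_address(addr)
        matches = sorted(name for name, net in nets.items() if ip in net)
        if matches != [intended]:
            problems[host] = matches  # ambiguous (several) or unreachable (none)
    return problems

if __name__ == "__main__":
    for label, layout in (("before", BEFORE), ("after", AFTER)):
        print(label, "overlaps:", overlapping_segments(layout))
        print(label, "misplaced:", misplaced_hosts(layout, HOSTS))
```

An internal-only host that matches more than one segment is the case to watch: which firewall zone its traffic is evaluated in then depends on the path taken rather than on policy.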
Everything seems to be working now. Airport is connected to USG, and the gadgets and a few computers are connected via airport.
I was able to get the server B online. NAT wasn't configured right.
Thanks for your help.