|reply to zenon |
Re: zyxel usg 200configuration
I notice in your diagram the use of two routers in series. Normally, the USG alone should be able to perform that function. If the USG can't be used alone due to some peculiarity with VoIP, and/or the first router is also a modem, then I think the first router at the WAN should be in a different subnet outside the range of the USG. Using the private range starting with 10.something (I don't recall its limits), if not used by your ISP, would clearly distinguish it from the USG's subnets. I admit to no experience with such a configuration.
What is it that server B on the DMZ is not successfully doing? Its interaction with LAN1 will be mediated by the firewall in the USG. I don't think it needs a static route for that function. As for external access, ZyXel publishes somewhere in the user guide or notes how to set up a server in the DMZ accessible from the web. I am pretty sure that the ISP has to send you an internet routable IP address for the server to be accessible. There could be a difficulty from the first router being in the LAN1 subnet. But basically, the USG has to know that the external IP address being connected to translates to the DMZ address 192.168.3.33.