I've been trying to set this up for a while and while I'm a little out of my depth, what seems obvious to me doesn't seem to be working. It would be great to hear some other people's thoughts on the setup and understand if what I'd like is actually possible!

At our office we have a Zyxel USG 110 with a site-to-site connection (IPSec) to Azure. This means that when I'm working in the office I can access our Azure servers easily via a private network.

We also have a VPN (L2TP) configured on the USG110 to allow remote workers to connect to our LAN. This works OK, and they can access the local network - but they cannot access any of the Azure network; herein lies the issue.

USG110 - LAN: 192.168.0.x

Azure - LAN: 10.0.6.x

Remote client gets an IP from a pool 192.168.200.1 -> 192.168.200.100.

I thought it would be a simple case of adding a route between the remote client and Azure (i.e. source address is the remote pool, destination is the Azure subnet) - but this doesn't seem to work. Can anyone point out what I'm missing?

Is there any configuration I need to do on the remote client side of things beyond ensuring the connection to the USG110?

Dave Clarke

2 Answers

Have you tried NAT-ing traffic from your remote workers to an IP inside your office network (192.168.0.x), when they try to reach something in Azure (10.0.6.x)?

Alternatively, you probably have configured in Azure some encryption domain (defined by subnets) setting up your site-to-site tunnel. The L2TP subnet probably isn't included yet, and could/should be added both on Azure and your VPN gateway(s), to allow traffic through your tunnel.

SYN

I think you need to set up a Policy Route that routes the traffic from the L2TP subnet to the Azure Subnet; set the policy so it routes the traffic to the gateway address of the Azure.

I presume you have an L2TP subnet, a subnet for the VPN to Azure and an Azure subnet?

The address you want to route the traffic to is the "far end" of the VPN to Azure subnet.

Hope this makes sense and it works.

Justin
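
The following is an added example, not code from any of the posts: a simplified model of the first answer's two suggestions (adding the L2TP range to the tunnel definition on both ends, or source-NATing remote clients to an office address), showing which traffic the site-to-site tunnel accepts in each case. It assumes /24 masks for the two LANs, and the host addresses 192.168.200.10, 10.0.6.4, 192.168.0.50 and 192.168.0.1 are constructed for illustration.

```python
import ipaddress as ip

# Assumed /24 masks: the post gives the LANs only as 192.168.0.x and 10.0.6.x.
OFFICE_LAN = ip.ip_network("192.168.0.0/24")
AZURE_LAN = ip.ip_network("10.0.6.0/24")
POOL = (ip.ip_address("192.168.200.1"), ip.ip_address("192.168.200.100"))

# Simplified model: each gateway holds (local, remote) prefix pairs for the tunnel.
USG = [(OFFICE_LAN, AZURE_LAN)]
AZURE = [(AZURE_LAN, OFFICE_LAN)]

def matches(src, dst, selectors):
    """True if a packet src -> dst falls inside one (local, remote) pair."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    return any(src in loc and dst in rem for loc, rem in selectors)

def round_trip(client, server, usg, azure, snat_to=None):
    """Request must match on the USG, the reply on Azure. snat_to models
    source NAT applied by the USG before the tunnel lookup."""
    seen_src = snat_to or client
    return matches(seen_src, server, usg) and matches(server, seen_src, azure)

def covering_prefix(first, last):
    """Smallest single CIDR block containing the whole L2TP pool."""
    net = ip.ip_network(f"{first}/32")
    while last not in net:
        net = net.supernet()
    return net

def with_pool(usg, azure):
    """Option from the answer: add the L2TP range on both ends."""
    pool_net = covering_prefix(*POOL)
    return usg + [(pool_net, AZURE_LAN)], azure + [(AZURE_LAN, pool_net)]

if __name__ == "__main__":
    client, server = "192.168.200.10", "10.0.6.4"   # constructed hosts
    print("office host     :", round_trip("192.168.0.50", server, USG, AZURE))
    print("L2TP client     :", round_trip(client, server, USG, AZURE))
    usg2, azure2 = with_pool(USG, AZURE)
    print("pool on USG only:", round_trip(client, server, usg2, AZURE))
    print("pool on both    :", round_trip(client, server, usg2, azure2))
    print("SNAT to office  :", round_trip(client, server, USG, AZURE, snat_to="192.168.0.1"))
    print("prefix to add   :", covering_prefix(*POOL))
```

In this model the pool has to be known on both gateways before replies come back, whereas source NAT works with the existing tunnel definition at the cost of Azure hosts seeing every remote worker as one office address.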